*WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING*
This copy of gnupg has been patched in such a way that key generation
for anything *other* than vanity keys is horribly slow and, unless
generating Curve25519 EdDSA keys, broken. DO NOT INSTALL ON ANY SYSTEM.
Compile & use from the build dir.

(Generating vanity keys is also "horribly slow" for certain definitions
of slow. Hitting a 32-bit vanity keyid can be done in a matter of hours
on a decent machine.)


Usage: Change the if-statements in agent/genkey.c and g10/keygen.c to
reflect your choice of 32-bit keyid. Of course, feel free to use bit
masking to go for shorter matches - a 24-bit keyid substring takes
on average about 3 minutes to generate hit on my machine.

Then, configure. My configure line looks like this:
        ./configure \
                --prefix=/usr \
                --sysconfdir=/etc \
                --sbindir=/usr/bin \
                --libexecdir=/usr/lib/gnupg \
                --enable-maintainer-mode \
                --enable-symcryptrun \
                --enable-gpgtar

Now, make. DO NOT MAKE INSTALL. Just make.

Edit vanity/batchparams to reflect the desired contents of the key.

Now, run an external entropy gathering deamon like rngd. If that isn't
enough, under linux, consider replacing /dev/random with the /dev/urandom
character device (rm /dev/random; mknod /dev/random c 1 9), but only
*after* sufficiently seeding the entropy pool using e.g. rngd. Blocking
/dev/random and entropy estimation are laughable as long as the entropy
pool has been thoroughly seeded. For an extensive explanation why this is,
see <http://www.2uo.de/myths-about-urandom/>.

Make sure that directories .gnupg{1..4} are present in the directory
from where you run startagents.sh and generate.sh, and that they are
chmod 700.

Don't forget to change the crappy passphrase. Enjoy your keys.


NOTE: As you can see by inspecting the code, I've copied over some
pretty big chunks of code from g10 (gpg2) to agent (gpg-agent) to
enable the agent to create a corresponding public key and extract
the keyid. Be careful when using this on a different version of gnupg;
ensure that the duplicated code in agent is correct w.r.t. the
corresponding code in g10.




                       The GNU Privacy Guard 2
                      =========================
                             Version 2.1

          Copyright 1997-2015 Werner Koch
          Copyright 1998-2015 Free Software Foundation, Inc.


* INTRODUCTION

  GnuPG is a complete and free implementation of the OpenPGP standard
  as defined by RFC4880 (also known as PGP).  GnuPG allows to encrypt
  and sign data and communication, features a versatile key management
  system as well as access modules for public key directories.

  GnuPG, also known as GPG, is a command line tool with features for
  easy integration with other applications.  A wealth of frontend
  applications and libraries making use of GnuPG are available.  Since
  version 2 GnuPG provides support for S/MIME and Secure Shell in
  addition to OpenPGP.

  GnuPG is Free Software (meaning that it respects your freedom). It
  can be freely used, modified and distributed under the terms of the
  GNU General Public License.

  We are currently maintaining three branches of GnuPG:

  - 2.1 (i.e. this release) is the latest development with a lot of
    new features.

  - 2.0 is the current stable version for general use.

  - 1.4 is the old standalone version which is most suitable for older
    or embedded platforms.

  You may not install 2.1 and 2.0 at the same time.  However, it is
  possible to install 1.4 along with any of the 2.x versions.


* BUILD INSTRUCTIONS

  GnuPG 2.1 depends on the following GnuPG related packages:

    npth         (ftp://ftp.gnupg.org/gcrypt/npth/)
    libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/)
    libgcrypt    (ftp://ftp.gnupg.org/gcrypt/libgcrypt/)
    libksba      (ftp://ftp.gnupg.org/gcrypt/libksba/)
    libassuan    (ftp://ftp.gnupg.org/gcrypt/libassuan/)

  You should get the latest versions of course, the GnuPG configure
  script complains if a version is not sufficient.

  For some advanced features several other libraries are required.
  The configure script prints diagnostic messages if one of these
  libraries is not available and a feature will not be available..

  You also need the Pinentry package for most functions of GnuPG;
  however it is not a build requirement.  Pinentry is available at
  ftp://ftp.gnupg.org/gcrypt/pinentry/ .

  After building and installing the above packages in the order as
  given above, you may continue with GnuPG installation (you may also
  just try to build GnuPG to see whether your already installed
  versions are sufficient).

  As with all packages, you just have to do

    ./configure
    make
    make install

  (Before doing install you might need to become root.)

  If everything succeeds, you have a working GnuPG with support for
  OpenPGP, S/MIME, ssh-agent, and smartcards.  Note that there is no
  binary gpg but a gpg2 so that this package won't conflict with a
  GnuPG 1.4 installation.  gpg2 behaves just like gpg.

  In case of problem please ask on the gnupg-users@gnupg.org mailing
  list for advise.

  Instruction on how to build for Windows can be found in the file
  doc/HACKING in the section "How to build an installer for Windows".
  This requires some experience as developer.

  Note that the PKITS tests are always skipped unless you copy the
  PKITS test data file into the tests/pkits directory.  There is no
  need to run these test and some of them may even fail because the
  test scripts are not yet complete.

  You may run

    gpgconf --list-dirs

  to view the default directories used by GnuPG.

  To quickly build all required software without installing it, the
  Speedo method may be used:

    make -f build-aux/speedo.mk  native

  This method downloads all required libraries and does a native build
  of GnuPG to PLAY/inst/.  GNU make is required and you need to set
  LD_LIBRARY_PATH to $(pwd)/PLAY/inst/lib to test the binaries.

** Specific build problems on some machines:

*** Apple OSX 10.x using XCode

  On some versions the correct location of a header file can't be
  detected by configure.  To fix that you should run configure like
  this

    ./configure  gl_cv_absolute_stdint_h=/usr/include/stdint.h

  Add other options as needed.


* MIGRATION from 1.4 or 2.0 to 2.1

  The major change in 2.1 is gpg-agent taking care of the OpenPGP
  secret keys (those managed by GPG).  The former file "secring.gpg"
  will not be used anymore.  Newly generated keys are stored in the
  agent's key store directory "~/.gnupg/private-keys-v1.d/".  The
  first time gpg needs a secret key it checks whether a "secring.gpg"
  exists and copies them to the new store.  The old secring.gpg is
  kept for use by older versions of gpg.

  Note that gpg-agent now uses a fixed socket.  All tools will start
  the gpg-agent as needed.  The formerly used environment variable
  GPG_AGENT_INFO is ignored by 2.1.  The SSH_AUTH_SOCK environment
  variable should be set to a fixed value.

  The Dirmngr is now part of GnuPG proper and also used to access
  OpenPGP keyservers.  The directory layout of Dirmngr changed to make
  use of the GnuPG directories.  Dirmngr is started by gpg or gpgsm as
  needed. There is no more need to install a separate Dirmngr package.


* DOCUMENTATION

  The complete documentation is in the texinfo manual named
  `gnupg.info'.  Run "info gnupg" to read it.  If you want a a
  printable copy of the manual, change to the "doc" directory and
  enter "make pdf" For a HTML version enter "make html" and point your
  browser to gnupg.html/index.html.  Standard man pages for all
  components are provided as well.  An online version of the manual is
  available at [[https://gnupg.org/documentation/manuals/gnupg/]] .  A
  version of the manual pertaining to the current development snapshot
  is at [[https://gnupg.org/documentation/manuals/gnupg-devel/]] .


* GnuPG 1.4 and GnuPG 2.0

  GnuPG 2.0 is a newer version of GnuPG with additional support for
  S/MIME.  It has a different design philosophy that splits
  functionality up into several modules.  Both versions may be
  installed simultaneously without any conflict (gpg is called gpg2 in
  GnuPG 2).  In fact, the gpg version from GnuPG 1.4 is able to make
  use of the gpg-agent as included in GnuPG 2 and allows for seamless
  passphrase caching.  The advantage of GnuPG 1.4 is its smaller size
  and no dependency on other modules at run and build time.


* HOW TO GET MORE INFORMATION

  A description of new features and changes in version 2.1 can be
  found in the file "doc/whats-new-in-2.1.txt" and online at
  "https://gnupg.org/faq/whats-new-in-2.1.html" .

  The primary WWW page is "https://www.gnupg.org"
             or using TOR "http://ic6au7wa3f6naxjq.onion"
  The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"

  See [[https://gnupg.org/download/mirrors.html]] for a list of
  mirrors and use them if possible.  You may also find GnuPG mirrored
  on some of the regular GNU mirrors.

  We have some mailing lists dedicated to GnuPG:

     gnupg-announce@gnupg.org   For important announcements like new
                                versions and such stuff.  This is a
                                moderated list and has very low traffic.
                                Do not post to this list.

     gnupg-users@gnupg.org      For general user discussion and
                                help (English).

     gnupg-de@gnupg.org         German speaking counterpart of
                                gnupg-users.

     gnupg-ru@gnupg.org         Russian speaking counterpart of
                                gnupg-users.

     gnupg-devel@gnupg.org      GnuPG developers main forum.

  You subscribe to one of the list by sending mail with a subject of
  "subscribe" to x-request@gnupg.org, where x is the name of the
  mailing list (gnupg-announce, gnupg-users, etc.). See
  https://www.gnupg.org/documentation/mailing-lists.html for archives
  of the mailing lists.

  Please direct bug reports to http://bugs.gnupg.org or post them
  direct to the mailing list <gnupg-devel@gnupg.org>.

  Please direct questions about GnuPG to the users mailing list or one
  of the PGP newsgroups; please do not direct questions to one of the
  authors directly as we are busy working on improvements and bug
  fixes.  The English and German mailing lists are watched by the
  authors and we try to answer questions when time allows us.

  Commercial grade support for GnuPG is available; for a listing of
  offers see https://www.gnupg.org/service.html .  Maintaining and
  improving GnuPG requires a lot of time.  Since 2001, g10 Code GmbH,
  a German company owned and headed by GnuPG's principal author Werner
  Koch, is bearing the majority of these costs.  To keep GnuPG in a
  healthy state, they need your support.

  Please consider to donate at https://gnupg.org/donate/ .


# This file is Free Software; as a special exception the authors gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. For conditions
# of the whole package, please see the file COPYING.  This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Local Variables:
# mode:org
# End: