######################################################################### # GNUPG_README_VMS_I64.TXT (How to use GnuPG V1.2.4 on OpenVMS I64) # # Date: June 15, 2007 # ######################################################################### Disclaimer: "GnuPG for OpenVMS" is a port of the GnuPG Open Source Project to OpenVMS. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. or http://www.opensource.org/licenses/gpl-license.php --------------------------------------------------------------------- Requirements (for GnuPG on OpenVMS) - OpenVMS for Integrity servers (I64) Version 8.2 or higher + HP C Version 7.1 -or- - OpenVMS Alpha Version 7.2-2 or higher + Compaq/DEC C Version 6.0 or higher 1. Extract the GnuPG directories and files from the backup saveset, GNUPG-1_2_4.BCK. It is recommended that you extract to SYS$COMMON, $ set default SYS$COMMON:[000000] $ backup GNUPG-1_2_4.BCK/save [...] This command will create the GnuPG directory tree in SYS$COMMON:[GnuPG...]. (This file, README_VMS.TXT, resides in the [.GNUPG] directory) 2. Use GnuPG on OpenVMS 2.1. Define symbols and install the GnuPG image To use GnuPG commands on OpenVMS, GPG & GPGV symbols must be defined. The executable images are included in the G10 directory. For Itanium: GPG_IA64.EXE & GPGV_IA64.EXE For Alpha: GPG_ALPHA.EXE & GPGV_ALPHA.EXE For VAX: GPG_VAX.EXE & GPGV_VAX.EXE Alpha examples: If GnuPG-1_2_4 is in SYS$COMMON:[GNUPG], $ gpg == "$SYS$COMMON:[GNUPG.GNUPG-1_2_4.G10]GPG_ALPHA.EXE" $ gpgv == "$SYS$COMMON:[GNUPG.GNUPG-1_2_4.G10]GPGV_ALPHA.EXE" To use the GnuPG's secure memory functionality on OpenVMS, the PSWAPM priviledge must be set with either the user process or the gpg image. If the image is installed with the priviledge, any user can use GnuPG with the secure memory. To install the gpg image with the PSWAPM priviledge (on ALPHA): $ install create /priviledged=PSWAPM SYS$COMMON:[GNUPG.GNUPG-1_2_4.G10]GPG_ALPHA.EXE 2.2. GnuPG commands Once the gpg and gpgv symbols are defined-- you are ready to use GnuPG on OpenVMS. Display help menu: $ gpg -h $ gpgv -h Basic commands: Generate a new keypair $ gpg --gen-key List keys on a public keyring $ gpg --list-keys Export a public key: >> into a binary format $ gpg --output alice.gpg --export alice@gnupg.org >> into an ASCII-armored format $ gpg --output alice.asc --armor --export alice@gnupg.org Import a public key into the public keyring $ gpg --import bob@gnupg.org Validating the imported key $ gpg --edit-key bob@gnupg.org Command> fpr Command> sign Command> check !! Read the "Important" section below before trying the following commands. Encrypt a file $ gpg --output doc.gpg --recipient bob@gnupg.org --encrypt doc.txt Decrypt the encrypted file $ gpg --output doc.txt --decrypt doc.gpg Sign a file $ gpg --output doc.sig --sign doc.txt Verify the signed file $ gpg --verify doc.sig Verify & extract the signed file $ gpg --output doc.txt --decrypt doc.sig Clearsign a file (wrap a file with an ASCII-armored signature) $ gpg --clearsign doc.txt For more GnuPG commands and details about GnuPG, refer to the online documentation (http://www.gnupg.org/docs.html). !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! IMPORTANT !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 1. To use the GnuPG's secure memory functionality on OpenVMS, the PSWAPM privilege is necessary. If the process doesn't have the privilege, the gpg command issues the following warnings (then, the command will be executed). ---------------------------------------------------------------------- gpg: WARNING: PSWAPM privilege is necessary for secure memory on OpenVMS gpg: WARNING: using insecure memory! ---------------------------------------------------------------------- In order to resolve this warning messages, the gpg user process must have the PSWAPM priviledge, or the gpg image must be installed with priviledge. To assign the PSWAPM priviledge to the user process: $ set process/priviledge=PSWAPM To install the gpg image with the PSWAPM priviledge (on ALPHA): $ install create /priviledged=PSWAPM SYS$COMMON:[GNUPG.GNUPG-1_2_4.G10]GPG_ALPHA.EXE 2. UNIX style specification should be used with the "--homedir" option. < Example > If the home directory (storing pubring.pgp, secring.gpg, trustdb.gpg, etc.) is DKA0:[ALICE.GNUPG], run the following. $ gpg --homedir /DKA0/ALICE/GNUPG --list-key 3. Set up permission (file protection) of the home directory. Remove GROUP (G) and WORLD (W) access to the directory. Otherwise, the gpg command issues a warning: --------------------------------------------------------------------- gpg: WARNING: unsafe permissions on homedir "/dka0/alice/gnupg" --------------------------------------------------------------------- < Example > To remove GROUP and WORLD access: $ set security /protection=(g,w) DKA0:[ALICE]GNUPG.DIR 4. GnuPG V1.2.4 for OpenVMS can encrypt and sign an input file in any file format. After the files have been processed by GnuPG version 1.2.4 for OpenVMS, they will then be in the Stream LF format. A. [OPTION] Build GnuPG for OpenVMS The GnuPG images (GPG_ALPHA.EXE & GPGV_ALPHA.EXE for Alpha, GPG_IA64.EXE & GPGV_IA64.EXE for Itanium and GPG_VAX.EXE & GPGV_VAX.EXE for VAX) are included in this kit. To execute/build the GPGKEYS_LDAP tool in [.KEYSERVER], the LDAP shareable image (LDAP$SHR.EXE) is required in SYS$LIBRARY. If it doesn't exist on your ALPHA system, copy it from the [GNUPG.VMS] directory to SYS$LIBRARY. On OpenVMS IA64 V8.2, the LDAP shareable image is available in SYS$LIBRARY. If you wish to build new GnuPG images on your system, follow the instructions below: - Move to the "VMS" directory ($ set default [.GNUPG-1_2_4.VMS]) - @BUILD_GNUPG.COM New images will be created in [.GNUPG-1_2_4.G10] after completing this build command procedure. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! compilation issues !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 1. If a compiler warning "%CC-W-PTRMISMATCH" appears during building GnuPG, replace "/warn=(disable=PTRMISMATCH1)" with "/warn=(disable=PTRMISMATCH)" in BUILD_GNUPG.COM. 2. "%CC-I-XXXXX" messages are informational, not a warning or an error.