(emacs, please switch to -*-indented-text-*- mode)

  Welcome to version 1.1 of PGPlib.

How to install (skip on first reading)
==========

  * Decide when you want the PGPlib sources, let us assume ~/src/
    Go there.
  * Uncompress PGPlib.tar.gz, which should give you the file
    PGPlib.tar.
  * UnTar PGPlib.tar.  This will give you three files in the CURRENT
    direcrity.  That is, in ~/src/ you will find the following three
    files 
          README               : This file
          PGPlib-1.1.tar       : The sources
          PGPlib-1.1.tar.sig   : My signature on the sources
  * Verify that the sources are the ones I distributed by running
          pgp PGPlib-1.1.tar.sig
    and verify that PGP prints "Good signature from user Tage Stabell-Kulo
    <tage@cs.uit.no>".  You should get my key from any keyserver.  It
    is also included in the application direcrity (to add my key to
    your keyring, run PGP on applications/puring.tage).
  * Unpack the sources.  This will give you the directory PGPlib-1.1.
  * Change you working directory to PGPlib-1.1.
  * Configure the sources by means of ./configure.  If you encounter
    any problems, read teh file PGPlib-1.1/INSTALL.
  * Type make; grab an espresso.
  * Verify that everything compiled correctly by running the script in
    PGPlib-1.1/applications/text.sh.  You need to edit the script
    first (to ensure that you read my warnings, sorry).

  If you fetched the file PGPlib-1.1.tar.gz (rather than
  PGPlib.tar.gz) you didn't obtain my signature, skip the signature
  verification part and just unpack.

What is there for you
=====================

  PGPlib is a library that lets you generate (and manipulate) PGP
  packets without having to run PGP.  In particular there is code to
  generate and understand the following types of PGP packets:

  - Data can be signed with a private key
  - Data can be encrypted with a public key
  - Data encrypted with your public key can be decrypted
  - You can verify signatures on public keys and on buffers (files)
  - Convential encrypted (IDEA with Zimmermann's context sensitive
    feedback).  The library can both read (decrypt) and write
    (encrypt) convential packets (in PGP format)
  - Armor.  You can (de)armor a buffer or a file into a buffer or a
    file
  - UserID packets are read and written in a variety of formats
  - Literal with filename, mode, etc.  You can create literate
    packages from files, or from buffers, and create files from
    literate packets
  - Keys can be obtained from a database (which is provided) or by
    parsing keyrings.  Keys can be kept in buffers or on files
  - You can maintain a PGP public-key database (I use this library to
    maintain a database with ~40.000 keys).  There is code to use DBM
    as supplied from Berkeley.  A copy of DBM is included for your
    convinience

  In general, PGPlib operates on buffers in order for you to use it in
  your applications.

  I have made a small program that will (de)armor anything, a parser
  to parse PGP files (including decryption and so on), a shell to
  manipulate a keydatabase, a keyserver to run on top of such a
  database, a program to verify signatures on keys and/or files, a
  program to split keyrings in smaller parts and a program that will
  sign files for you.  You will find all these (and many in the
  PGPlib/applications/ directory.  None of these uses PGP as they are
  linked with PGPlib, which provides all the functionality that is
  needed.

  I believe that all parts of the library is tested against PGP by the
  script PGPlib/applications/test.sh.  You need to edit it in order to
  make it run (to ensure that you read my warnings, sorry about this).


What is not there for you
=========================

  - Sufficient documentation.

  I have written this library because I need it.  In order to make
  life less hard for my students, I will have to provide some
  documentation.  Possibly even on-line.  However, quite a few manual
  pages are included in the man/ directory.


What you need
=============

  - Unix (for some definition of "Unix")

  - GNU Make.  If you do not have it you will have to edit away the
    conditionals in the top-level Makefile.  WITH_SSL is set to either
    "yes" or "no" by configure and SSL is either compiled in or not.
    The syntax of the conditional is as GNU make wants it, not at BSD
    make wants it. Life is tough.

  - You should have the SSLeay library as I have not implemented any
    cryptographic functionality; I hope SSLeay is a good choice.  I
    did not major in mathematics and can thus not judge the quality of
    their work, although it looks solid (to me).  I link with their
    version 0.8.1.  I rely on SSLeay for BIGNUMs, MD5, RSA encryption
    and IDEA.

  If you are unable to find a version, a small subset of SSLeay is
  included in this release.  When you configure the software, the
  supplied copy is used if no "real" installation can be found.
  However, I recommend that you install a full (and new) version.  IN
  any case, the supplied version will not install, and you must find
  somewhere to store it.

  SSLeay is quite large and I only use a fraction of it.  On the
  other hand, SSLeay seems to be well maintained and their
  crypto-library might very well shrink or become more modular as
  time passes.  The best thing would be if you had a new and well
  maintained version of SSLeay installed.  If you don't, configure
  will detect this fact and use a (minimalistic) version that I have
  supplied for your convinience.

  You can obtain SSLeay from:
     * ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/ - SSLeay source
     * ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/ - SSL applications
     * http://www.psy.uq.oz.au/~ftp/Crypto/ssl.html - SSLeay Programmer
       Reference


Porting
=======

  PGPlib has been developed on NetBSD 1.3.  It should configure and
  compile smoothly on FreeBSD, HP-UX and Linux.  If you port PGPlib to
  some other platform, or experience portabiblity problems on one of
  the tested  plattforms, I would be greatful if you would send me
  patches.  In particuler, a port til Win32 is needed.


Regarding PGP
=============

  - Work is underway to ensure that PGPlib is compliant with RFC1991. 

  - The name PGPlib might not be final as I respect Zimmermann's
    "ownership" of the acronym PGP and he might not like that I use
    the name PGPlib.  Thus, this library might become libRFC1991 or
    something.

  - PGP-5.0 is available.  It has quite a few new features, such as a
    multitude of encryption methods.  PGPlib might evolve to support
    them all.  But it might not.  Send me email if you want to join on
    an effort.


Your Feedback
============

  Your feedback is solicited.  Peter Simons <simons@rhein.de> has
  created a mailinglist for PGPlib.  To subscribe, send an e-mail to
  the address pgplib-dev-request@cryp.to and write the command
  SUBSCRIBE into the BODY. If you want to be subscribed under a
  different address than the one you're mailing from, you can also use
  SUBSCRIBE yourname@somewhere.else to do the trick.  To post to the
  list, send an e-mail to pgplib-dev@cryp.to as usual.

  There is also (very low volume) list pgplib-announce@cryp.to.
  Subscribe by sending an e-mail to pgplib-announce-request@cryp.to
  with SUBSCRIBE in the body.

  Both lists are archived at URL:http://www.cryp.to/

  If you write a nice application based on this library (the ultimate
  feedback :-), please feel free to send it to me and I will include
  it in the next release;


Where to get PGPlib
===================

  ftp://dslab1.cs.uit.no/pub/PGPlib.tar.gz

  I also store old releases for you convinience.



COPYRIGHT  (yum, yum)
=========

  The library and included applications are all available under
  "Berkeley style" copyright terms.  Basically, this means that PGPlib
  is FREE for commercial and non-comercial use, and that you can do
  almost anything with the code.  The only thing you can not do is to
  say that you wrote it.  See the file COPYING for details.

  This package includes cryptographic software, taken from SSLeay,
  written by Eric Young (eay@cryptsoft.com).



