Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jeroen/gpg

Bindings to gpgme for R
https://github.com/jeroen/gpg

Last synced: about 2 months ago
JSON representation

Bindings to gpgme for R

Host: GitHub
URL: https://github.com/jeroen/gpg
Owner: jeroen
License: other
Created: 2015-07-08T22:51:58.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2024-09-19T16:01:36.000Z (3 months ago)
Last Synced: 2024-10-11T18:19:49.559Z (2 months ago)
Language: C
Homepage:
Size: 3.72 MB
Stars: 19
Watchers: 4
Forks: 4
Open Issues: 4
Metadata Files:
- Readme: README.md
- Changelog: NEWS
- License: LICENSE

Awesome Lists containing this project

jimsghstars - jeroen/gpg - Bindings to gpgme for R (C)

README

        # gpg

> *GNU Privacy Guard for R*

[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/github/jeroen/gpg?branch=master&svg=true)](https://ci.appveyor.com/project/jeroen/gpg)

[![CRAN_Status_Badge](http://www.r-pkg.org/badges/version/gpg)](http://cran.r-project.org/package=gpg)

[![CRAN RStudio mirror downloads](http://cranlogs.r-pkg.org/badges/gpg)](http://cran.r-project.org/web/packages/gpg/index.html)

Bindings to GPG for creating and verifying OpenGPG (RFC4880)

signatures. This is not a standalone library; GPG needs to be installed

on the system. On Windows you need GPG4Win or similar, on other systems

use the GPGME library.

## Documentation

About the R package:

 - Vignette: [Using GPG in R](https://cran.r-project.org/web/packages/gpg/vignettes/intro.html)

Other resources:

 - [The GNU Privacy Handbook](https://www.gnupg.org/gph/en/manual.html)

## Hello World

Let's verify a Debian file. The [Debian page on CRAN](https://cran.r-project.org/bin/linux/debian/) says the following:

*Since 16th of November 2021, the buster40 and bullseye40 repositories are signed with a new key with the key ID 0xB8F25A8A73EACF41, fingerprint 95C0FAF38DB3CCAD0C080A7BDC78B2DDEABC47B7 and user ID Johannes Ranke .*

We import this key so that we can verify the [Release](https://cran.r-project.org/bin/linux/debian/bullseye-cran40/Release) file, which contains checksums for all files in the repository:

```r

# take out the spaces

johannes <- "0xB8F25A8A73EACF41"

gpg_recv(johannes)

```

If you don't trust the CRAN homepage, you could check who has signed this key. You'd need to import the corresponding peer keys for more information.

```r

gpg_list_signatures(johannes)

```

Now lets verify the release files:

```r

# Verify the file

library(curl)

curl_download('https://cran.r-project.org/bin/linux/debian/bullseye-cran40/Release', 'Release')

curl_download('https://cran.r-project.org/bin/linux/debian/bullseye-cran40/Release.gpg','Release.gpg')

gpg_verify('Release.gpg', 'Release')

```

```

                id           timestamp           name                  email success

1 DC78B2DDEABC47B7 2021-11-16 11:17:18 Johannes Ranke [email protected]    TRUE

```

Looking good! We can trust the checksums in the `Release` file to be legitimate.

## Installation

Binary packages for __OS-X__ or __Windows__ can be installed directly from CRAN:

```r

install.packages("gpg")

```

Installation from source on Linux or OSX requires [`GPGME`](https://www.gnupg.org/(es)/related_software/gpgme/index.html). On __Debian__ or __Ubuntu__ install [libgpgme-dev](https://packages.debian.org/testing/libgpgme-dev) directly from Universe:

```

sudo apt-get install -y libgpgme-dev

```

On __Fedora__ and __CentOS__ we need [gpgme-devel](https://src.fedoraproject.org/rpms/gpgme):

```

sudo yum install gpgme-devel

````

On __OS-X__ use [gpgme](https://github.com/Homebrew/homebrew-core/blob/master/Formula/gpgme.rb) from Homebrew:

```

brew install gpgme

```