gpg

GNU Privacy Guard for R

Bindings to GPG for creating and verifying OpenGPG (RFC4880) signatures. This is not a standalone library; GPG needs to be installed on the system. On Windows you need GPG4Win or similar, on other systems use the GPGME library.

Documentation

About the R package:

• Vignette: Using GPG in R

Other resources:

• The GNU Privacy Handbook

Hello World

The Debian backports archives on CRAN are signed with the key of Johannes Ranke (CRAN Debian archive) [email protected] with key fingerprint 6212 B7B7 931C 4BB1 6280 BA13 06F9 0DE5 381B A480.

Let’s import his key so that we can verify the Release file, which contains checksums for all files in the repository:

# Take out the spaces
johannes <- gsub(" ", "", "6212 B7B7 931C 4BB1 6280  BA13 06F9 0DE5 381B A480")
gpg_recv(johannes)

# Verify the file
library(curl)
curl_download('https://cran.r-project.org/bin/linux/debian/buster-cran35/Release', 'Release')
curl_download('https://cran.r-project.org/bin/linux/debian/buster-cran35/Release.gpg', 'Release.gpg')
gpg_verify('Release', 'Release.gpg')

Installation

Binary packages for OS-X or Windows can be installed directly from CRAN:

install.packages("gpg")

Installation from source on Linux or OSX requires GPGME. On Debian or Ubuntu install libgpgme11-dev directly from Universe:

sudo apt-get install -y libgpgme11-dev

On Fedora and CentOS we need gpgme-devel:

sudo yum install gpgme-devel

On OS-X use gpgme from Homebrew:

brew install gpgme

On Solaris 10 we can have gpgme_dev from OpenCSW:

pkgadd -d http://get.opencsw.org/now
/opt/csw/bin/pkgutil -U
/opt/csw/bin/pkgutil -y -i gpgme_dev