GNU Privacy Guard for R
Bindings to GPG for creating and verifying OpenGPG (RFC4880) signatures. This is not a standalone library; GPG needs to be installed on the system. On Windows you need GPG4Win or similar, on other systems use the GPGME library.
About the R package:
The Debian backports archives on CRAN are signed with the key of Johannes Ranke (CRAN Debian archive) [email protected] with key fingerprint 6212 B7B7 931C 4BB1 6280 BA13 06F9 0DE5 381B A480.
Let’s import his key so that we can verify the Release file, which contains checksums for all files in the repository:
# Take out the spaces johannes <- gsub(" ", "", "6212 B7B7 931C 4BB1 6280 BA13 06F9 0DE5 381B A480") gpg_recv(johannes) # Verify the file library(curl) curl_download('https://cran.r-project.org/bin/linux/debian/buster-cran35/Release', 'Release') curl_download('https://cran.r-project.org/bin/linux/debian/buster-cran35/Release.gpg', 'Release.gpg') gpg_verify('Release', 'Release.gpg')
Binary packages for OS-X or Windows can be installed directly from CRAN:
sudo apt-get install -y libgpgme11-dev
On Fedora and CentOS we need gpgme-devel:
sudo yum install gpgme-devel
On OS-X use gpgme from Homebrew:
brew install gpgme
pkgadd -d http://get.opencsw.org/now /opt/csw/bin/pkgutil -U /opt/csw/bin/pkgutil -y -i gpgme_dev