 SecuDE-4.4                                             (c) GMD Darmstadt 1995



 INSTALLATION OF SecuDE
 ======================

 To install SecuDE, cd to the secude/src directory and run 

        install [keywords]

 This configures SecuDE according to keywords makes it afterwards. Install
 is equivalent to

        configure [keywords]
        make

 if you want to separate the configuration and the make (if you don't have the 
 current directory as first item in your PATH, say ./make).

 Keywords beginning with capital letters control which functional components
 shall be installed (e.g. with or without integrated  X.500 DUA). Keywords 
 beginning with small letters control the installation process (e.g. which 
 compiler to be used).


 One or more of the following keywords can be given in arbitrary order:

 Configuration keywords:

 X500        Including integrated X.500 DUA. This requires the installation 
             of ISODE ICR1.1v3 on your system.
             configure tries to find this ISODE installation and saves the 
             pathname of it's include directory in config/ISODE-INCL.save 
             and the pathname of it's lib directory in ISODE-LIB.save. 
             You may edit these files and rerun configure in order to use
             other pathnames than those found by configure.

 ICR1        SecuDE can be configured either with ICR1 or ICR2 compatibility.
  or         The ICR1 sources are from the Isode Release 1.1v3, the 
 ICR2        ICR2 sources are from Isode Release 2.1v2. ICR1 is the default
             setting used by configure, if this keyword is omitted.

 STRONG      Only applicable if X500 is given. Uses strong authentication 
             between DUA and DSA. This requires the installation of the 
             security-enhanced version of ISODE ICR1.1v3 on your system, 
             which can be obtained from
             ftp://darmstadt.gmd.de/pub/secude/ICR1.1v3_secude-4.4.dist.tar
             This comprises the base, dua and dsa part of the IC distribution.

 SCA         SecuDE  supports  the use of the GMD/G&D Starcos-1.1 smartcard 
             system for algorithmic processing and storing of personal security 
             data. This system supports RSA and  DES processing in the 
             smartcard reader. RSA/DES processing by software and by Starcos 
             can be used simultaneously. The keyword SCA must be given if
             the Starcos-1.1 system shall be used.

 XMST        Including the Motif-based xmst (src/util/xmsectool). This 
             requires the a Motif installation on your system.
             configure tries to find this Motif installation and saves the 
             pathname of it's include directory in config/MOTIF-INCL.save 
             and the pathname of it's lib directory in MOTIF-LIB.save. 
             You may edit these files and rerun configure in order to use
             other pathnames than those found by configure.
             See also lib/X11/xmst.info for more information about xmst and
             it's installation.
   
 SECXLOCK    SecuDE contains an xlock version (src/util/secxlock) which locks
             and unlocks your local X display on the basis of strong authenti-
             cation (with digital signatures) instead of your login password.
             It requires an X11R4 installation on your system. Uze this
             keyword to include secxlock.

 NEW_SHS     Uses the new NIST-version of the shs hash algorithm

 Installation keywords:

 cc          Uses cc for compilation (default)

 gcc         Uses gcc for compilation

 opt         compiles with optimizer (-O)

 debug       compiles debug information (-g)

 std         SecuDE has assembler packages for multi-precision integer
             arithmetic for various cpu types, e.g. SUN Sparc, SUN 68000, 
             HP 9000, and a C version. Keyword std causes that the C 
             programs are used even if assembler programs are available.
             Per default, configure tries to find out whether assembler
             programs can be used.

 rsaref      This is for the use of SecuDE in the US. SecuDE has an interface
             to the rsaref library functions of RSA Inc. If the rsaref
             keyword is given, the SecuDE-RSA routines are not used, and your 
             own rsaref library will be linked instead.
             
 static      Static libraries are used (default: shared).

 new         All *.save files in src/config are removed before configuration.

 verbose     Configure tries to find a number of pathnames, e.g. of the 
             Motif libraries, of the ISODE libraries, and saves them in
             corresponding *.save files in src/config. If verbose is given,
             it shows you what it found and asks you for alternatives.

       
 Configure produces the files
 
 config/TOP.save
 config/AFDB.save
 config/ALIASDIR.save
 config/MOTIF-INCL.save
 config/MOTIF-LIB.save
 config/ISODE-INCL.save
 config/ISODE-LIB.save
 config/CC.save
 config/MAKE.save

 which are used if configure is repeated, and

 config/CONFIG.make 
 include/CONFIG.h,

 which are used in a subsequent make. If configure fails to do an appropriate
 configuration, you can edit these files for appropriate settings.


 Limitations:
 ------------

 Configure tries to find out what system platform you have (with uname) and
 makes some very simple assumptions on how to find the pathnames for MOTIF
 and ISODE, if required. The configure shell script currently works only for
 SunOS 4.1.x, SunOS 5.3, Linux, HP-UX, DEC Alpha OSF/1 and Silicon Graphics 
 Irix 5.2 systems. If you have another platform, you certainly would have to 
 add another platform section in configure. We would appreciate comments on
 or improvements of configure, e.g. support for other platforms 
 (secude-int@darmstadt.gmd.de).

 Examples:
 ---------

 For installation of the minimum configuration just say

       install

 For installation of the maximum configuration say

       install X500 ICR1 STRONG SCA XMST SECXLOCK

 In this case, X500 requires an Isode ICR1.1v3 installation, XMST requires 
 a Motif installation (including the Motif include files and uil), and SECXLOCK
 requires X11.

 Cryptographic Library:
 ----------------------

 If you only need cryptographic functions like RSA, DSA, DES, DH key agreement
 etc., you may produce a small cryptographic library (which does not include any
 ASN.1 stuff or X.509 certification functions). Cd to src and say

       make libcrypt

 This will produce lib/libcrypt.a (or lib/libcrypt.so.44.nn). This contains all
 functions which are described in Vol. 2, "Low Level cryptography".
      
 Problems with older releases
 ----------------------------

 The PSE - PIN is truncated after the 8th character by the getpass system call
 In some older versions of SecuDE longer PINs were allowed. A PSE with such a 
 long PIN is now possibly unreadable. You should change the PIN with the old
 SecuDE version.


 SecuDE under MS-DOS:
 --------------------

 SecuDE-4.4 can be installed under MS-DOS with the following restrictions:
 
 - we used the GNU C-compiler on the DOS system because this has the advantage
   of producing full 32-bit code. Both the Microsoft and the Borland C packages
   caused some trouble because they are producing 16-bit code. As a consequence,
   integrating SecuDE-library-functions into your own application program will
   only work if you compile your application with the GNU compiler.

 - The DOS version of SecuDE does not include the integrated X.500 DUA. It
   would be necessary to port the whole ISODE and QUIPU package to DOS
   for that purpose. We do not intend to do this in the near future.

 - It does not include the Starcos smartcard package, too. This will be 
   provided in later versions.
