Welcome to GnuPG 2.2

Installation Instructions


Double-click the Install package to install GnuPG 2.2. Any previous version of GnuPG 2.2 will automatically be uninstalled during the installation process. Do not install GnuPG to any target other than your “Macintosh HD” device.



Converting existing Keyrings


If you do not intend to use your keyring with GnuPG 1.x or 2.0.x in the future, we recommend that you convert your keyring to the new GnuPG 2.2 format. This will speed up any keyring operations. However, the drawback is that your keyring is not compatible with GnuPG versions before 2.2.


To convert an existing pubring.gpg file to the new keybox format, a helper tool is provided. Simply execute


Verifying the Download Integrity


The SHA-256 sum of the downloaded file (e.g. GnuPG-2.2.0.dmg) can be verified as follows.

1. Open a Terminal window 

2. Execute: shasum -a 256 Downloads/GnuPG-2.2.0.dmg

4. Compare the checksum you got in the Terminal with the SHA-256 sum on the web page.


Verifying the Package Signature


In addition to the developer signature verified by Mac OS X, the Installer Disk Image also contains an OpenPGP signature which can be used to verify the Installer package. To verify the integrity of the installer, download the package signature file (e.g. GnuPG-2.2.0.dmg.sig), then open a Terminal window and execute:


gpg2 --keyserver pool.sks-keyservers.net --recv-keys 0xDB1187B9DD5F693B


gpg2 --verify GnuPG-2.2.0.dmg.sig GnuPG-2.2.0.dmg


The first command downloads and imports the public key that you need in order to verify the signature; the second command verifies the signature.





GnuPG and all its parts are licensed under the GNU Public License and/or the Lesser GNU Public License. See License.txt for details.



Source Code


The GnuPG source code is available from https://www.gnupg.org/download/index.html


The tools and patches used to create this installer are available from https://sourceforge.net/p/gpgosx/

