(Aside: You may wonder why our "release certificates" are signed natural-language statements, rather than using PGP key signing. Verify the signature, making sure the signing key's fingerprint matches the one from the certificate. Keybase decrypt -S kentonv ĭownload the installer script and its signature. If you have the Keybase tools installed, you can use this much-friendlier command instead: Note that you can ignore GPG's warning that the signature isn't trusted because you're checking the fingerprint directly (an advanced user would instead have pre-arranged to trust the key and could thus ignore the fingerprint). Read the signed statement (top bolded part) and decide if it checks out, and make sure the fingerprint of the signer (bottom bolded part) matches the one you trust. Gpg: There is no indication that the signature belongs to the owner. Gpg: WARNING: This key is not certified with a trusted signature! gpg: Signature made Wed 04:20:25 PM PDT using RSA key ID 440DDCF1 Will be updated monthly do not trust this certificate after October 2015. The output looks something like (emphasis added):Īs of September 2015, Sandstorm releases are signed with the PGP key withįingerprint 160D 2D57 7518 B58D 94C9 800B 63F2 2749 9DA8 CCBD.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |