Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

VerifyingSignatures changed

Browse Source 
more verbosity on specifying keyserver and fetching keys with gpg directly
This commit is contained in:
Hakisho Nukama 2014-11-20 11:04:27 +00:00
parent 2362351da4
commit 05190aa954
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
VerifyingSignatures.md
View File

@ -29,18 +29,24 @@ Importing Qubes Signing Keys
Every file published by the Qubes Project (ISO, RPM, TGZ files and git repositories) is digitally signed by one of the developer or release signing keys. Each such key is signed by the Qubes Master Signing Key ([\`0x36879494\`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)).
The public portion of the Qubes Master Signing Key can be imported directly from a keyserver,
The public portion of the Qubes Master Signing Key can be imported directly from a [ keyserver](https://en.wikipedia.org/wiki/Key_server_%28cryptographic%29#Keyserver_examples) (specified on first use with --keyserver URI, keyserver saved in \~/.gnupg/gpg.conf),
``` {.wiki}
gpg --recv-keys 0x36879494
```
or downloaded [here](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc) and imported with gpg.
or downloaded [here](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc) and imported with gpg,
``` {.wiki}
$ gpg --import ./qubes-master-signing-key.asc
```
or fetched directly with gpg.
``` {.wiki}
$ gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc
```
For additional security we also publish the fingerprint of the Qubes Master Signing Key ([\`0x36879494\`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)) here in this document:
``` {.wiki}