Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add prep section for installing PGP verification programs

Browse Source 
This is a first step toward improving the instructions for non-Linux
users (QubesOS/qubes-issues#6191, #1076).
This commit is contained in:
Andrew David Wong 2020-11-06 12:29:42 -08:00
parent c4b971b639
commit b7821598a3
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
project-security/verifying-signatures.md
View File

@ -52,6 +52,24 @@ There are three basic steps in this process:
If you run into any problems, please consult the [Troubleshooting FAQ] below.
### Preparation
Before we begin, you'll need a program that can verify PGP signatures.
Any such program will do, but here are some examples for popular operating systems:
**Windows:** [Gpg4win](https://gpg4win.org/download.html).
Use the Windows command line (`cmd.exe`) to enter commands.
**Mac:** [GPG Suite](https://gpgtools.org/).
Open a terminal to enter commands.
**Linux:** `gpg2` from your package manager or from [gnupg.org](https://gnupg.org/download/index.html).
Open a terminal to enter commands.
The commands below will use `gpg2`, but if that doesn't work for you, try `gpg` instead.
### 1. Get the Qubes Master Signing Key and verify its authenticity
Every file published by the Qubes Project (ISO, RPM, TGZ files and Git repositories) is digitally signed by one of the developer keys or Release Signing Keys.