Add prep section for installing PGP verification programs

This is a first step toward improving the instructions for non-Linux
users (QubesOS/qubes-issues#6191, #1076).
This commit is contained in:
Andrew David Wong 2020-11-06 12:29:42 -08:00
parent c4b971b639
commit b7821598a3
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17

View File

@ -52,6 +52,24 @@ There are three basic steps in this process:
If you run into any problems, please consult the [Troubleshooting FAQ] below. If you run into any problems, please consult the [Troubleshooting FAQ] below.
### Preparation
Before we begin, you'll need a program that can verify PGP signatures.
Any such program will do, but here are some examples for popular operating systems:
**Windows:** [Gpg4win](https://gpg4win.org/download.html).
Use the Windows command line (`cmd.exe`) to enter commands.
**Mac:** [GPG Suite](https://gpgtools.org/).
Open a terminal to enter commands.
**Linux:** `gpg2` from your package manager or from [gnupg.org](https://gnupg.org/download/index.html).
Open a terminal to enter commands.
The commands below will use `gpg2`, but if that doesn't work for you, try `gpg` instead.
### 1. Get the Qubes Master Signing Key and verify its authenticity ### 1. Get the Qubes Master Signing Key and verify its authenticity
Every file published by the Qubes Project (ISO, RPM, TGZ files and Git repositories) is digitally signed by one of the developer keys or Release Signing Keys. Every file published by the Qubes Project (ISO, RPM, TGZ files and Git repositories) is digitally signed by one of the developer keys or Release Signing Keys.