adding README with instructions for signing/verifying packages

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2012-06-27 08:26:50 -05:00 · 2012-06-27 08:26:50 -05:00 · 6bbe933bbf
commit 6bbe933bbf
parent 776cffbf9e
1 changed files with 13 additions and 0 deletions
--- a/13
+++ b/13
@ -0,0 +1,13 @@
+SIGNING:
+ $ gpg -a -b [file]
+
+VERIFY SIGNATURE:
+We sign easy-rsa packages with a GPG private key.  The public key is available
+in the git repository (PUBLIC_KEY) as well as on various GPG/PGP public key
+servers around the net.
+
+To verify the package signature download and import our public key into GPG:
+  $ gpg --import pubkey.txt
+Then download and verify the signature:
+  $ gpg -v --verify [file].asc
+Note that the [file].asc and tarball need to be in the same directory.