Next: Build instructions, Previous: Prepared tarballs, Up: Installation [Index]
You have to verify downloaded tarballs authenticity to be sure that you retrieved trusted and untampered software.
OpenSSH .sig signature,
public key and its LibrePGP
signature.
Its fingerprint: SHA256:FRiWawVNBkyS3jFn8uZ/JlT+PWKSFbhWe5XSixp1+SY.
$ ssh-keygen -Y verify -f PUBKEY-SSH.pub -I releases@nncpgo.org -n file \
-s nncp-8.13.0.tar.xz.sig <nncp-8.13.0.tar.xz
KEKS/CM .cm quantum resistant SLH-DSA signature, public key and its LibrePGP signature.
$ fpr=$(kekspp -v -p /data/id <PUBKEY-CM.pub) $ echo $fpr 54D487664D5C19FE8C63F690155381AD4B0102EB6B9DF5A8DAD7A3B339610608 $ mkdir -p pubs $ ln -s ../PUBKEY-CM.pub pubs/$fpr $ cat nncp-$v.tar.xz.cm nncp-$v.tar.xz | cmsigtool -v -d -pubs pubs