Next: Build instructions, Previous: Prepared tarballs, Up: Installation [Index]
You have to verify downloaded tarballs authenticity to be sure that you retrieved trusted and untampered software. There are two options:
Use GNU Privacy Guard free software implementation. For the very first time it is necessary to get signing public key and import it. It is provided here, but you should check alternate resources.
pub rsa2048/0x2B25868E75A1A953 2017-01-10
92C2 F0AE FE73 208E 46BF F3DE 2B25 868E 75A1 A953
uid NNCP releases <releases at nncpgo dot org>
$ gpg --auto-key-locate dane --locate-keys releases at nncpgo dot org $ gpg --auto-key-locate wkd --locate-keys releases at nncpgo dot org
Public key and its OpenPGP
signature made with the key above.
Its fingerprint: SHA256:FRiWawVNBkyS3jFn8uZ/JlT+PWKSFbhWe5XSixp1+SY.
$ ssh-keygen -Y verify -f PUBKEY-SSH.pub -I releases@nncpgo.org -n file \
-s nncp-8.10.0.tar.zst.sig < nncp-8.10.0.tar.zst