PGP Signature
jed  |
| S-Lang |
| slrn |
| most |
| Snapshots |
| Releases |
| github |
| Complex Domain Coloring |
| SLxfig |
| Antennas |
| Thermochron |
Public Key  |
I digitally sign my software using GnuPG to help prove the
authenticity of the software. If you want to verify the digital
signature of a file such as slang-2.3.2.tar.bz2, then also
download the associated detached signature file, which in this
example would be slang-2.3.2.tar.bz2.asc. Then execute the
following command:
# gpg --verify slang-2.3.2.tar.bz2.asc slang-2.3.2.tar.bz2
You should see something like:
gpg: Signature made Sun 04 Mar 2018 06:24:02 PM EST gpg: using DSA key DE401E0D5873000A gpg: Good signature from "John E. Davis <jed@jedsoft.org>" [unknown] gpg: aka "John E. Davis <davis@space.mit.edu>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: AE96 2A02 D29B FE4A 4BB2 805F DE40 1E0D 5873 000AYou should not be alarmed if you see the warning message. This just indicates that you have not taken steps to ensure the authenticity of my signature. Note that the key's fingerprint must match my public key's fingerprint, which is given below. If you see a message such as:
gpg: Signature made Sun 04 Mar 2018 06:24:02 PM EST gpg: using DSA key DE401E0D5873000A gpg: Can't check signature: No public keythen you will first need to obtain my public key and add it to your keyring. My public key may be obtained by downloading the ascii file jedavis_public_key2.asc. This file contains two public keys, an older one with the fingerprint
AE96 2A02 D29B FE4A 4BB2 805F DE40 1E0D 5873 000A
and a newer one with the fingerprint
6408 3373 E9E1 DE99 7EBB E778 4B82 D0B8 2930 237D
The old key was used to sign the software released before 2020-06-01,
and the newer one used after that date.
To add the keys to your keyring, use
gpg --import jedavis_public_key2.asc
