Template:Gpg key

From Kicksecure
Jump to navigation Jump to search

  • Digital signatures are a tool enhancing download security. They are commonly used across the internet and nothing special to worry about.
  • Optional, not required: Digital signatures are optional and not mandatory for using Kicksecure, but an extra security measure for advanced users. If you've never used them before, it might be overwhelming to look into them at this stage. Just ignore them for now.
  • Learn more: Curious? If you are interested in becoming more familiar with advanced computer security concepts, you can learn more about digital signatures here digital software signatures.

Securely download the signing key.

{{{url}}}

Display the key's fingerprint.

gpg --keyid-format long --import --import-options show-only --with-fingerprint {{{source_filename}}}

Verify the fingerprint. It should show.

Note: Key fingerprints provided on the Kicksecure website are for convenience only. The Kicksecure project does not have the authorization or the resources to function as a certificate authority, and therefore cannot verify the identity or authenticity of key fingerprints. The ultimate responsibility for verifying the authenticity of the key fingerprint and correctness of the verification instructions rests with the user.

{{{gpg_fingerprint_output}}}

The most important check is confirming the key fingerprint exactly matches the output above. [1]

warning Warning:

Do not continue if the fingerprint does not match! This risks using infected or erroneous files! The whole point of verification is to confirm file integrity.

Add the signing key.

gpg --import {{{source_filename}}}

  1. Minor changes in the output such as new uids (email addresses) or newer expiration dates are inconsequential.
Retrieved from "https://www.kicksecure.com/w/index.php?title=Template:Gpg_key&oldid=78048"