README: clarify signing explanation

nervuri 2021-03-22 11:40:34 +00:00
parent a3bbe7bd24
commit b1726ab766
1 changed files with 2 additions and 1 deletions

View File

@ -18,7 +18,8 @@ Uses [signify]( GPG support
### Signing
1. Walks you through installing `signify` and generating a keypair.
0. Walks you through installing `signify`, if not already installed ([apt]( only, for now).
1. Walks you through generating a keypair; stores keys in `$XDG_DATA_HOME/signify/` (or `~/.local/share/signify/`).
2. Generates a `SHA256SUMS` file containing hashes of all files in the specified directory (including subdirectories).
3. Puts `` and `SHA256SUMS` into a tar.gz archive.
4. Signs the archive, embedding the signature in the gzip header.