Browse Source

README: clarify signing explanation

main
nervuri 3 months ago
parent
commit
b1726ab766
  1. 3
      README.md

3
README.md

@ -18,7 +18,8 @@ Uses [signify](https://www.openbsd.org/papers/bsdcan-signify.html). GPG support
### Signing
1. Walks you through installing `signify` and generating a keypair.
0. Walks you through installing `signify`, if not already installed ([apt](https://en.wikipedia.org/wiki/Advanced_Packaging_Tool) only, for now).
1. Walks you through generating a keypair; stores keys in `$XDG_DATA_HOME/signify/` (or `~/.local/share/signify/`).
2. Generates a `SHA256SUMS` file containing hashes of all files in the specified directory (including subdirectories).
3. Puts `key.pub` and `SHA256SUMS` into a tar.gz archive.
4. Signs the archive, embedding the signature in the gzip header.

Loading…
Cancel
Save