README: clarify signing explanation

This commit is contained in:
nervuri 2021-03-22 11:40:34 +00:00
parent a3bbe7bd24
commit b1726ab766
1 changed files with 2 additions and 1 deletions

View File

@ -18,7 +18,8 @@ Uses [signify](https://www.openbsd.org/papers/bsdcan-signify.html). GPG support
### Signing
1. Walks you through installing `signify` and generating a keypair.
0. Walks you through installing `signify`, if not already installed ([apt](https://en.wikipedia.org/wiki/Advanced_Packaging_Tool) only, for now).
1. Walks you through generating a keypair; stores keys in `$XDG_DATA_HOME/signify/` (or `~/.local/share/signify/`).
2. Generates a `SHA256SUMS` file containing hashes of all files in the specified directory (including subdirectories).
3. Puts `key.pub` and `SHA256SUMS` into a tar.gz archive.
4. Signs the archive, embedding the signature in the gzip header.