How Do OpenPGP Signatures

2007-12-18
2013-04-22
  • I'm certain the veterans will roll their eyes at the rookie, but. . . . . . . .How does one use the .asc file along with the OpenPGP key to install the software?

     
    • You don't need the OpenPGP Key nor the *.asc file to install the software.
      You need the correct *.zip Archive for your device.
      The former two files are only necessary, if you want to verify the integrity of the *.zip Archive, that is:
      Is the *.zip really coming from the author - me - or has somebody messed with the data.

      It usually goes like this:
      Get the *.zip and the corresponding *.asc
      Verify that the *.asc is a valid signature for the *.zip using gnupg or something similar and the OpenPGP public key.
      If everything seems fine, install it, if not then rather not...

      Mind you this is just verifying that a certain OpenPGP private key, which belongs to the OpenPGP public key on the site was used to create a signature for the *.zip archives. So as a nasty hacker i'd make sure that i also exchange the public key on the website :-P.

      Cheers,
      Tobias