How to sign your custom RPM package with GPG Key
GnuPG stands for GNU Privacy Guard and is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC 2440. As such, it is aimed to be compatible with PGP from NAI, Inc.
After building your custom RPM package, it's a good idea to sign the package with your own GPG Key to make sure the package is authentic. In this HOWTO, I'll cover how to generate your own gpg key pair and sign your custom RPM package with that key.
By Thomas Chung at Fedora News.
[ Read more ]
- Software: GnuPG