X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=doc%2FGnuPG-signature.html;h=50b904d5e3da4b58a4d481fb889148ac9e9be3e8;hb=fdf88d194874a533cf3a8de3d317d70018aa8a62;hp=c9e0455a23759c4bedec81212081947f757ba0cb;hpb=992af0b9d77cb4fbac2c37ef8d5896042d67a2a3;p=github%2Fshaarli%2FShaarli.git diff --git a/doc/GnuPG-signature.html b/doc/GnuPG-signature.html index c9e0455a..50b904d5 100644 --- a/doc/GnuPG-signature.html +++ b/doc/GnuPG-signature.html @@ -4,45 +4,69 @@ - Shaarli - GnuPG signature + Shaarli – GnuPG signature - +

GnuPG signature

Introduction

PGP and GPG

-

Gnu Privacy Guard (GnuPG) is an Open Source implementation of the Pretty Good [](.html)
Privacy
(OpenPGP) specification. Its main purposes are digital authentication,
signature and encryption.

+

Gnu Privacy Guard (GnuPG) is an Open Source implementation of the Pretty Good [](.html)
+Privacy
(OpenPGP) specification. Its main purposes are digital authentication,
+signature and encryption.

It is often used by the FLOSS community to verify:

Trust
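
Review bot: The re-added introduction paragraph still reads "implementation of the Pretty Good Privacy (OpenPGP) specification", which treats PGP and OpenPGP as the same thing. PGP is the original program and OpenPGP is the standard that GnuPG implements, so the sentence would be more accurate as "an Open Source implementation of the OpenPGP standard, which originated with Pretty Good Privacy (PGP)". Since the line is being touched anyway, "Gnu Privacy Guard" could also be spelled "GNU Privacy Guard".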

@@ -93,28 +122,31 @@ code > span.er { color: #ff0000; font-weight: bold; }
  • Web of trust
  • Generate a GPG key

    -

    See Generating a GPG key for Git tagging.

    +

    gpg - provide identity information

    -
    $ gpg --gen-key
    +
    $ gpg --gen-key
     
    -gpg (GnuPG) 2.1.6; Copyright (C) 2015 Free Software Foundation, Inc.
    -This is free software: you are free to change and redistribute it.
    -There is NO WARRANTY, to the extent permitted by law.
    +gpg (GnuPG) 2.1.6; Copyright (C) 2015 Free Software Foundation, Inc.
    +This is free software: you are free to change and redistribute it.
    +There is NO WARRANTY, to the extent permitted by law.
     
    -Note: Use "gpg2 --full-gen-key" for a full featured key generation dialog.
    +Note: Use "gpg2 --full-gen-key" for a full featured key generation dialog.
     
    -GnuPG needs to construct a user ID to identify your key.
    +GnuPG needs to construct a user ID to identify your key.
     
    -Real name: Marvin the Paranoid Android
    -Email address: marvin@h2g2.net
    -You selected this USER-ID:
    +Real name: Marvin the Paranoid Android
    +Email address: marvin@h2g2.net
    +You selected this USER-ID:
         "Marvin the Paranoid Android <marvin@h2g2.net>"
     
    -Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
    -We need to generate a lot of random bytes. It is a good idea to perform
    -some other action (type on the keyboard, move the mouse, utilize the
    -disks) during the prime generation; this gives the random number
    -generator a better chance to gain enough entropy.
    +Change (N)ame, (E)mail, or (O)kay/(Q)uit? o +We need to generate a lot of random bytes. It is a good idea to perform +some other action (type on the keyboard, move the mouse, utilize the +disks) during the prime generation; this gives the random number +generator a better chance to gain enough entropy.

    gpg - entropy interlude

    At this point, you will:

    gpg - key creation confirmation

    -
    gpg: key A9D53A3E marked as ultimately trusted
    -public and secret key created and signed.
    +
    gpg: key A9D53A3E marked as ultimately trusted
    +public and secret key created and signed.
     
    -gpg: checking the trustdb
    -gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    -gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
    -pub   rsa2048/A9D53A3E 2015-07-31
    -      Key fingerprint = AF2A 5381 E54B 2FD2 14C4  A9A3 0E35 ACA4 A9D5 3A3E
    -uid       [ultimate] Marvin the Paranoid Android <marvin@h2g2.net>[](.html)
    -sub   rsa2048/8C0EACF1 2015-07-31
    +gpg: checking the trustdb +gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model +gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u +pub rsa2048/A9D53A3E 2015-07-31 + Key fingerprint = AF2A 5381 E54B 2FD2 14C4 A9A3 0E35 ACA4 A9D5 3A3E +uid [ultimate] Marvin the Paranoid Android <marvin@h2g2.net>[](.html) +sub rsa2048/8C0EACF1 2015-07-31

    gpg - submit your public key to a PGP server (Optional)

    -
    $ gpg --keyserver pgp.mit.edu --send-keys A9D53A3E
    -gpg: sending key A9D53A3E to hkp server pgp.mit.edu
    +
    $ gpg --keyserver pgp.mit.edu --send-keys A9D53A3E
    +gpg: sending key A9D53A3E to hkp server pgp.mit.edu

    Create and push a GPG-signed tag

    -

    See Git - Maintaining a project - Tagging your [](.html)
    releases
    .

    -

    Prerequisites

    -

    This guide assumes that you have:

    - -

    Bump Shaarli's version

    -
    $ cd /path/to/shaarli
    -
    -# create a new branch
    -$ git fetch upstream
    -$ git checkout upstream/master -b v0.5.0
    -
    -# bump the version number
    -$ vim index.php shaarli_version.php
    -
    -# commit the changes
    -$ git add index.php shaarli_version.php
    -$ git commit -s -m "Bump version to v0.5.0"
    -
    -# push the commit on your GitHub fork
    -$ git push origin v0.5.0
    -

    Create and merge a Pull Request

    -

    This one is pretty straightforward ;-)

    -

    Create and push a signed tag

    -
    # update your local copy
    -$ git checkout master
    -$ git fetch upstream
    -$ git pull upstream master
    -
    -# create a signed tag
    -$ git tag -s -m "Release v0.5.0" v0.5.0
    -
    -# push it to "upstream"
    -$ git push --tags upstream
    -

    Verify a signed tag

    -

    v0.5.0 is the first GPG-signed tag pushed on the Community Shaarli.

    -

    Let's have a look at its signature!

    -
    $ cd /path/to/shaarli
    -$ git fetch upstream
    -
    -# get the SHA1 reference of the tag
    -$ git show-ref tags/v0.5.0
    -f7762cf803f03f5caf4b8078359a63783d0090c1 refs/tags/v0.5.0
    -
    -# verify the tag signature information
    -$ git verify-tag f7762cf803f03f5caf4b8078359a63783d0090c1
    -gpg: Signature made Thu 30 Jul 2015 11:46:34 CEST using RSA key ID 4100DF6F
    -gpg: Good signature from "VirtualTam <virtualtam@flibidi.net>" [ultimate][](.html)
    +

    See Release Shaarli.
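
Review bot: With the "Verify a signed tag" section removed at the end of this hunk and replaced by "See Release Shaarli.", this page no longer shows a reader how to check a release signature. This diff does not show the Release Shaarli page, so please confirm it carries the `git verify-tag` steps and the expected "Good signature" output, or keep a short verification section here. Separately, the retained `gpg --keyserver pgp.mit.edu --send-keys A9D53A3E` line identifies the key by its 8-hex-digit short ID. Short IDs can collide, so documenting the full fingerprint printed in the key creation output above would be the safer habit to teach.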