1. Home
  2. /
  3. Use cases
  4. /
  5. Create OpenPGP signatures with SignServer

Create OpenPGP signature with SignServer

Here's how to sign code and packages using the OpenPGP message format.

OpenPGP logo

What is OpenPGP and SignServer?

OpenPGP is frequently utilized in open-source software projects and for packaging software in Linux settings. The SignServer OpenPGP tool complies with RFC 4880, the IETF standards-track specification of OpenPGP. It can sign any data, generating an OpenPGP standalone signature in either binary or ASCII format, or a straightforward cleartext signature.

How to set up OpenPGP code signing with SignServer

Applications can integrate directly with the web services web interface or use the SignServer SignClient to access the OpenPGP signer. Users can also access the signing functionality via a web interface. 

OpenPGP does not use X.509 certificates. However, in SignServer, OpenPGP signing operations are handled as any other code signing operation.

In this tutorial, you will learn how to:

  • Add an OpenPGP Signer
  • Add User ID / Certification
  • Generate and Store Revocation Certificate
  • Sign using the OpenPGP Signer
  • Submit and Sign File using Client Web and Client CLI
  • Verify Signature


Before you begin, you also need the following:




Here's a set of resources to help you begin with OpenPGP signatures.


Check out the supplementary documentation that goes hand-in-hand with our tutorial video.

Docker Hub

Get your hands on the SignServer Docker container by downloading it now from Docker Hub.


Take a peek at our tutorial video on YouTube, and browse through some of our other videos as well.


Join our discussions to ask questions and share ideas.

Related open-source projects