Here's how to sign code and packages using the OpenPGP message format.
OpenPGP is frequently used in open-source software projects and for packaging software in Linux environments. The SignServer OpenPGP tool complies with RFC 4880, the IETF standards-track specification of OpenPGP. It can sign any data, generating an OpenPGP standalone signature in either binary or ASCII format, or a cleartext signature.
Applications can integrate directly with the web services interface or use the SignServer SignClient to access the OpenPGP signer. Users can also access the signing functionality via a web interface.
OpenPGP does not use X.509 certificates. However, in SignServer, OpenPGP signing operations are handled like any other code signing operation.
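A receiving-side check for the three output forms named above, as an added example (not SignServer code): it classifies signer output as binary, ASCII or cleartext, reads the RFC 4880 version 4 signature packet header, and flags hash algorithms that the assumed local policy `WEAK` treats as weak. The function names are hypothetical and the sample packet is constructed with a filler signature value.

```python
import base64

HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
          9: "SHA384", 10: "SHA512", 11: "SHA224"}  # RFC 4880 section 9.4
WEAK = {"MD5", "SHA1", "RIPEMD160"}  # assumed local policy, not from the page

def dearmor(text):
    """Extract the binary packet from a PGP SIGNATURE armor block."""
    lines = [l.strip() for l in text.splitlines()]
    body = lines[lines.index("-----BEGIN PGP SIGNATURE-----") + 1:
                 lines.index("-----END PGP SIGNATURE-----")]
    if "" in body:                       # armor headers end at the blank line
        body = body[body.index("") + 1:]
    body = [l for l in body if l and not l.startswith("=")]  # drop CRC-24 line
    return base64.b64decode("".join(body))

def body_offset(data):  # returns (packet tag, body offset), RFC 4880 section 4.2
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                     # new-format header
        n = data[1]
        if 224 <= n < 255:
            raise ValueError("partial body length is not valid here")
        return first & 0x3F, 2 if n < 192 else 3 if n < 224 else 6
    if first & 0x03 == 3:                # old-format, indeterminate length
        raise ValueError("indeterminate length is not supported")
    return (first >> 2) & 0x0F, 1 + (1, 2, 4)[first & 0x03]

def inspect_signature(blob):
    """Classify signer output and read the v4 signature packet header."""
    form = ("cleartext" if blob.startswith(b"-----BEGIN PGP SIGNED MESSAGE-----")
            else "armored" if blob.startswith(b"-----BEGIN PGP SIGNATURE-----")
            else "binary")
    data = blob if form == "binary" else dearmor(blob.decode("utf-8", "replace"))
    tag, off = body_offset(data)
    version, sig_type, pk_algo, hash_id = data[off:off + 4]
    if tag != 2 or version != 4:
        raise ValueError("expected a version 4 signature packet (tag 2)")
    name = HASHES.get(hash_id, "unknown")
    return {"form": form, "sig_type": sig_type, "hash": name, "weak_hash": name in WEAK}

# Constructed sample: header fields are well-formed, signature value is filler.
def sample_packet(sig_type=0x00, hash_id=8):
    body = bytes([4, sig_type, 1, hash_id, 0, 0, 0, 0, 0xAB, 0xCD, 0, 8, 0xFF])
    return bytes([0x88, len(body)]) + body

def armor(packet):
    return (b"-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(packet)
            + b"\n-----END PGP SIGNATURE-----\n")
```

This only inspects the packet header; verifying the signature against the signer's public key still requires an OpenPGP implementation.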
In this tutorial, you will learn how to:
Before you begin, you also need the following:
Here's a set of resources to help you begin with OpenPGP signatures.
Check out the supplementary documentation that goes hand-in-hand with our tutorial video.
Get your hands on the SignServer Docker container by downloading it now from Docker Hub.
Take a peek at our tutorial video on YouTube, and browse through some of our other videos as well.
Join our discussions to ask questions and share ideas.