Skip to content

Commit aed46a5

Browse files
theborakompanionitheborakompanioni
authored
docs(verification): update fingerprint and key (#69)
1 parent 0aecfac commit aed46a5

1 file changed

Lines changed: 47 additions & 14 deletions

File tree

docs/software/verification.md

Lines changed: 47 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,33 +1,34 @@
11
# Verification
22

3-
All [releases] are signed by one of the Jam [contributors]. As of this writing ([742,834][now]), releases are signed with [dergigi's PGP key][gigi] which has the following fingerprint:
4-
3+
All [releases] are signed by one of the Jam [contributors]. As of this writing ([863,123][now]), releases are signed with [tbk's PGP key][tbk] which has the following fingerprint:
54
```
6-
8198 A185 30A5 22A0 9561 2439 89C4 A25E 69A5 DE7F
5+
3550 2225 7551 EAB1 26D7 5616 E807 0AF0 053A AC0D
76
```
87

8+
9+
### v0.3.0 and above
10+
911
To verify a specific release, import the key
1012

1113
```
12-
curl https://dergigi.com/PGP.txt | gpg --import
14+
curl https://raw.githubusercontent.com/joinmarket-webui/jam-docker/refs/heads/master/standalone/pubkeys/tbk.asc | gpg --import
1315
```
1416

1517
and [verify the git tag][verify-tag] of your local copy:
1618

17-
[verify-tag]: https://git-scm.com/docs/git-verify-tag
18-
1919
```
20-
git verify-tag v0.0.10
20+
git verify-tag v0.3.0
2121
```
2222

2323
This should produce an output that contains "good signature" as well as the key fingerprint mentioned above:
2424

2525
```
26-
gpg: Signature made Fr 5 Aug 14:17:58 2022 CEST
27-
gpg: using RSA key 8198A18530A522A09561243989C4A25E69A5DE7F
28-
gpg: Good signature from "Gigi <dergigi@pm.me>" [unknown]
29-
...
30-
Primary key fingerprint: 8198 A185 30A5 22A0 9561 2439 89C4 A25E 69A5 DE7F
26+
gpg: Signature made Wed 02 Oct 2024 10:19:46 AM UTC
27+
gpg: using RSA key 355022257551EAB126D75616E8070AF0053AAC0D
28+
gpg: Good signature from "theborakompanioni (no comment) <theborakompanioni+github@gmail.com>" [unknown]
29+
gpg: WARNING: This key is not certified with a trusted signature!
30+
gpg: There is no indication that the signature belongs to the owner.
31+
Primary key fingerprint: 3550 2225 7551 EAB1 26D7 5616 E807 0AF0 053A AC0D
3132
```
3233

3334
---
@@ -38,9 +39,41 @@ the version number on the [releases page][releases] on GitHub.
3839

3940
It should say that _"This tag was signed with the committer’s verified
4041
signature"_ and show you the last 16 characters of the GPG key ID listed above
41-
(`89C4 A25E 69A5 DE7F`).
42+
(`E807 0AF0 053A AC0D`).
43+
44+
### Before v0.3.0
45+
46+
Releases before v0.3.0 were signed with [dergigi's PGP key][gigi] which has the following fingerprint:
47+
48+
```
49+
8198 A185 30A5 22A0 9561 2439 89C4 A25E 69A5 DE7F
50+
```
51+
52+
To verify a specific release, import the key
4253

54+
```
55+
curl https://dergigi.com/PGP.txt | gpg --import
56+
```
57+
58+
and [verify the git tag][verify-tag] of your local copy:
59+
60+
```
61+
git verify-tag v0.0.10
62+
```
63+
64+
This should produce an output that contains "good signature" as well as the key fingerprint mentioned above:
65+
66+
```
67+
gpg: Signature made Fr 5 Aug 14:17:58 2022 CEST
68+
gpg: using RSA key 8198A18530A522A09561243989C4A25E69A5DE7F
69+
gpg: Good signature from "Gigi <dergigi@pm.me>" [unknown]
70+
...
71+
Primary key fingerprint: 8198 A185 30A5 22A0 9561 2439 89C4 A25E 69A5 DE7F
72+
```
73+
74+
[verify-tag]: https://git-scm.com/docs/git-verify-tag
4375
[releases]: https://github.com/joinmarket-webui/jam/releases
4476
[contributors]: https://github.com/joinmarket-webui/jam/graphs/contributors
45-
[now]: https://www.blockstream.info/block-height/742834
77+
[now]: https://www.blockstream.info/block-height/863123
78+
[tbk]: https://raw.githubusercontent.com/joinmarket-webui/jam-docker/refs/heads/master/standalone/pubkeys/tbk.asc
4679
[gigi]: https://dergigi.com/pgp/

0 commit comments

Comments
 (0)