Preparing to Authenticate Release (Setting up GPG)

In other to keep releases authentic it’s required that releases are signed before being published. This ensure’s that users of Tahoe are able to verify that the version of Tahoe they are using is coming from a trusted or at the very least known source.

The authentication is done using the GPG implementation of OpenGPG to be able to complete the release steps you would have to download the GPG software and setup a key(identity).

  • Download and install GPG for your operating system.
  • Generate a key pair using gpg --gen-key. Some questions would be asked to personalize your key configuration.

You might take additional steps including:

  • Setting up a revocation certificate (Incase you lose your secret key)
  • Backing up your key pair
  • Upload your fingerprint to a keyserver such as openpgp.org