![]() The public key for the official Ubuntu archive is already know by your computer, but if you want to add a PPA or third-party repository you must import their key. When you install a package, apt verifies the signature.įurther Reading: All about secure apt Common Issues For instance, here is the file for official Ubuntu 12.10 repository and its corresponding GPG signature. ![]() This file contains the checksums of a number other files in the repository. The actual file in the repository that is signed is the Release file. In this context, the apt repository that you are downloading a package from should be signed by a secret key so that you can verify that the packages you are installing come from where they say they are. Likewise, knowing someone's public key will allow you to encrypt a message that can only be read by the holder of the corresponding secret key.įurther Reading: GnuPG for Daily Use (a Mini How-To.) What's this have to do with me? Using the public key, one can verify the signature made by a private key. ![]() ![]() A public key is hosted on a key server (e.g. This type of cryptography is based on key pairs. It can be used to encrypt or sign data and communications to ensure its authenticity. GPG, or GNU Privacy Guard, is a suite of cryptographic software.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |