X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=doc%2Fintegrity.texi;h=b9bc1a1e60910a76ae8675f65e5176ca6e5635b5;hb=d7ff911413b29e9ba6afb4b8e86116c4ff46ff17;hp=ea5e59e51c766733e3232206946adbd0780296ce;hpb=4b6010d63d3512094c7cef4a119a8d45cb1a7b18;p=govpn.git

diff --git a/doc/integrity.texi b/doc/integrity.texi
index ea5e59e..b9bc1a1 100644
--- a/doc/integrity.texi
+++ b/doc/integrity.texi
@@ -7,9 +7,34 @@ software. For integrity and authentication of downloaded binaries
 @url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must
 download signature (@file{.sig}) provided with the tarball.
 
-For the very first time you need to import signing public keys. They
-are provided below, but be sure that you are reading them from the
-trusted source. Alternatively check this page from
-@ref{Contacts, other sources} and look for the mailing list announcements.
+For the very first time you need to import signing public key. It is
+provided below, but it is better to check alternative resources with it.
 
-@verbatiminclude pubkey.txt
+@verbatim
+pub   rsa2048/0xF2F59045FFE2F4A1 2015-03-10
+      D269 9B73 3C41 2068 D8DA  656E F2F5 9045 FFE2 F4A1
+uid   GoVPN releases <releases at govpn dot info>
+@end verbatim
+
+@itemize
+
+@item This website @ref{Contacts, alternates} and maillist containing
+public key fingerprint.
+
+@item
+@verbatim
+% gpg --keyserver hkp://keys.gnupg.net/ --recv-keys 0xF2F59045FFE2F4A1
+% gpg --auto-key-locate dane --locate-keys releases at govpn dot info
+% gpg --auto-key-locate wkd --locate-keys releases at govpn dot info
+% gpg --auto-key-locate pka --locate-keys releases at govpn dot info
+@end verbatim
+
+@item
+@verbatiminclude .well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc
+
+@end itemize
+
+Then you could verify tarballs signature:
+@verbatim
+% gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz
+@end verbatim