X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=doc%2Fintegrity.texi;h=ff692ff98d322f666c953629e18de09e2cc63b4e;hb=db394a3b5ad365b29ad6cbc285015b4a59b55569;hp=dc51aafc4f75df0a1bd5f8bd1ef129a3ae9b6b8e;hpb=4a58ee4c1365408452e03535ca68146aa9cf3540;p=govpn.git

diff --git a/doc/integrity.texi b/doc/integrity.texi
index dc51aaf..ff692ff 100644
--- a/doc/integrity.texi
+++ b/doc/integrity.texi
@@ -5,11 +5,35 @@ You @strong{have to} verify downloaded archives integrity and check
 their signature to be sure that you have got trusted, untampered
 software. For integrity and authentication of downloaded binaries
 @url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must
-download signature (.sig) provided with the tarball.
+download signature (@file{.sig}) provided with the tarball.
 
-For the very first time you need to import signing public keys. They
-are provided below, but be sure that you are reading them from the
-trusted source. Alternatively check this page from
-@ref{Contacts, other sources} and look for the mailing list announcements.
+For the very first time you need to import signing public key. It is
+provided below, but it is better to check alternative resources with it.
 
-@include pubkey.texi
+@verbatim
+pub   rsa2048/0xF2F59045FFE2F4A1 2015-03-10
+      D269 9B73 3C41 2068 D8DA  656E F2F5 9045 FFE2 F4A1
+uid   GoVPN releases <releases at govpn dot info>
+@end verbatim
+
+@itemize
+
+@item This website @ref{Contacts, alternates} and maillist containing
+public key fingerprint.
+
+@item
+@verbatim
+% gpg --auto-key-locate pka --locate-keys releases at govpn dot info
+% gpg --auto-key-locate dane --locate-keys releases at govpn dot info
+% gpg --auto-key-locate wkd --locate-keys releases at govpn dot info
+@end verbatim
+
+@item
+@verbatiminclude .well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc
+
+@end itemize
+
+Then you could verify tarballs signature:
+@verbatim
+% gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz
+@end verbatim