X-Git-Url: http://www.git.cypherpunks.ru/?p=govpn.git;a=blobdiff_plain;f=doc%2Fintegrity.texi;h=ff692ff98d322f666c953629e18de09e2cc63b4e;hp=ea5e59e51c766733e3232206946adbd0780296ce;hb=db394a3b5ad365b29ad6cbc285015b4a59b55569;hpb=ad9125d692f369af12d2bb715ea9822147d07b57

diff --git a/doc/integrity.texi b/doc/integrity.texi
index ea5e59e..ff692ff 100644
--- a/doc/integrity.texi
+++ b/doc/integrity.texi
@@ -7,9 +7,33 @@ software. For integrity and authentication of downloaded binaries
 @url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must
 download signature (@file{.sig}) provided with the tarball.
 
-For the very first time you need to import signing public keys. They
-are provided below, but be sure that you are reading them from the
-trusted source. Alternatively check this page from
-@ref{Contacts, other sources} and look for the mailing list announcements.
+For the very first time you need to import signing public key. It is
+provided below, but it is better to check alternative resources with it.
 
-@verbatiminclude pubkey.txt
+@verbatim
+pub   rsa2048/0xF2F59045FFE2F4A1 2015-03-10
+      D269 9B73 3C41 2068 D8DA  656E F2F5 9045 FFE2 F4A1
+uid   GoVPN releases <releases at govpn dot info>
+@end verbatim
+
+@itemize
+
+@item This website @ref{Contacts, alternates} and maillist containing
+public key fingerprint.
+
+@item
+@verbatim
+% gpg --auto-key-locate pka --locate-keys releases at govpn dot info
+% gpg --auto-key-locate dane --locate-keys releases at govpn dot info
+% gpg --auto-key-locate wkd --locate-keys releases at govpn dot info
+@end verbatim
+
+@item
+@verbatiminclude .well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc
+
+@end itemize
+
+Then you could verify tarballs signature:
+@verbatim
+% gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz
+@end verbatim