@node Download
@unnumbered Download

No additional dependencies except Python 2.7/3.x interpreter are required.

Preferable way is to download tarball with the signature:

@example
$ [fetch|wget] http://www.pygost.cypherpunks.ru/pygost-@value{VERSION}.tar.xz
$ [fetch|wget] http://www.pygost.cypherpunks.ru/pygost-@value{VERSION}.tar.xz.sig
$ gpg --verify pygost-@value{VERSION}.tar.xz.sig pygost-@value{VERSION}.tar.xz
$ xz --decompress --stdout pygost-@value{VERSION}.tar.xz | tar xf -
$ cd pygost-@value{VERSION}
$ python setup.py install
@end example

@include download.texi

But also you can use pip (@strong{no} OpenPGP authentication is
performed!) with PyPI:

@example
$ echo pygost==@value{VERSION} --hash=sha256:430bab3fdb4c2f59d89b5c80293468b3d3f5b713b49157d995b723ff909cf7c8 > requirements.txt
$ pip install --requirement requirements.txt
@end example

You @strong{have to} verify downloaded tarballs integrity and
authenticity to be sure that you retrieved trusted and untampered
software. @url{https://www.gnupg.org/, GNU Privacy Guard} is used
for that purpose.

For the very first time it is necessary to get signing public key and
import it. It is provided below, but you should check alternative
resources.

@verbatim
pub   rsa2048/0xE6FD1269CD0C009E 2016-09-13
      F55A 7619 3A0C 323A A031  0E6B E6FD 1269 CD0C 009E
uid   PyGOST releases <pygost at cypherpunks dot ru>
@end verbatim

@itemize

@item @url{https://lists.cypherpunks.ru/mailman/listinfo/gost, gost} maillist

@item
@example
$ gpg --auto-key-locate dane --locate-keys pygost at cypherpunks dot ru
$ gpg --auto-key-locate wkd --locate-keys pygost at cypherpunks dot ru
@end example

@item
@verbatiminclude PUBKEY.asc

@end itemize

You can obtain development source code with
@command{git clone git://git.cypherpunks.ru/pygost.git}.