Preferable way is to download tarball with the signature from official
website:
- % wget http://www.cypherpunks.ru/pygost/pygost-2.1.tar.xz
- % wget http://www.cypherpunks.ru/pygost/pygost-2.1.tar.xz.sig
- % gpg --verify pygost-2.1.tar.xz.sig pygost-2.1.tar.xz
- % xz -d < pygost-2.1.tar.xz | tar xf -
- % cd pygost-2.1
+ % wget http://pygost.cypherpunks.ru/pygost-3.7.tar.xz
+ % wget http://pygost.cypherpunks.ru/pygost-3.7.tar.xz.sig
+ % gpg --verify pygost-3.7.tar.xz.sig pygost-3.7.tar.xz
+ % xz -d < pygost-3.7.tar.xz | tar xf -
+ % cd pygost-3.7
% python setup.py install
But also you can use PIP (NO authentication is performed!):
- % pip install pygost==2.1
+ % pip install pygost==3.7
You have to verify downloaded tarballs integrity and authenticity to be
sure that you retrieved trusted and untampered software. GNU Privacy
Guard is used for that purpose.
-For the very first time it it necessary to get signing public key and
+For the very first time it is necessary to get signing public key and
import it. It is provided below, but you should check alternative
resources.
uid PyGOST releases <pygost at cypherpunks dot ru>
Look in PUBKEY.asc file.
- % gpg --keyserver hkp://keys.gnupg.net/ --recv-keys 0xE6FD1269CD0C009E
% gpg --auto-key-locate dane --locate-keys pygost at cypherpunks dot ru
% gpg --auto-key-locate wkd --locate-keys pygost at cypherpunks dot ru
- % gpg --auto-key-locate pka --locate-keys pygost at cypherpunks dot ru