[CONF] Apache Tuscany Docs 2.x > Create Signing Key

[co...@apache.org]

Space: Apache Tuscany Docs 2.x (http://cwiki.apache.org/confluence/display/TUSCANYxDOCx2x)
Page: Create Signing Key (http://cwiki.apache.org/confluence/display/TUSCANYxDOCx2x/Create+Signing+Key)

Added by kelvin goodson:
---------------------------------------------------------------------
{section:border=false}{column:width=15%}
{include: Menus}{column}{column:width=85%}

h3. Create a code signing key

Install [GNU GPG|http://www.gnupg.org/]

Create a gpg config file eg c:\gpg\conf\gpg.conf with this contents:
utf8-strings
keyserver x-hkp://pgp.surfnet.nl/
default-cert-check-level 3
keyserver-options auto-key-retrieve include-subkeys
no-mangle-dos-filenames
no-secmem-warning

Set the GNUPGHOME environment var to point to that: set GNUPGHOME=\gpg\conf

gpg \--gen-key

accept all defaults, use your apache email and a comment like "Code Signing Key", eg:

Real name: Ant Elder
Email address: antelder@apache.org
Comment: Code Signing Key

Use long hard to guess passphrase with numbers and miss spellings etc

now should be able to show that key with: gpg \--list-keys

C:\>gpg \--list-keys
/gpgtest/conf\pubring.gpg
\------------------------\-
pub   1024D/481240F5 2007-06-28
uid                  Ant Elder (Code Signing Key) <an...@apache.org>
sub   2048g/F6F122B8 2007-06-28

Upload that to a key server using the keyid, eg gpg \--send-key 481240F5

Now if you go to [http://pgp.surfnet.nl/] you should be able to search for you name and find the uploaded key


Add this key to the KEYS file in the Tuscany SVN: [https://svn.apache.org/repos/asf/incubator/tuscany/KEYS]
eg, check out the KEYS file then update with:

(gpg \--list-sigs  antelder@apache.org && gpg \--armor \--export antelder@apache.org) >> KEYS







{column}
{section}

Change your notification preferences: http://cwiki.apache.org/confluence/users/viewnotifications.action