Apache Tuscany > Home > General Info > Making releases > Create signing key User List | Dev List | Issue Tracker  

Create a code signing key

Install GNU GPG

Create a gpg config file eg c:\gpg\conf\gpg.conf with this contents:
utf8-strings
keyserver x-hkp://pgp.surfnet.nl/
default-cert-check-level 3
keyserver-options auto-key-retrieve include-subkeys
no-mangle-dos-filenames
no-secmem-warning

Set the GNUPGHOME environment var to point to that: set GNUPGHOME=\gpg\conf

gpg --gen-key

accept all defaults, use your apache email and a comment like "Code Signing Key", eg:

Real name: Ant Elder
Email address: antelder@apache.org
Comment: Code Signing Key

Use long hard to guess passphrase with numbers and miss spellings etc

now should be able to show that key with: gpg --list-keys

C:\>gpg --list-keys
/gpgtest/conf\pubring.gpg
-------------------------
pub 1024D/481240F5 2007-06-28
uid Ant Elder (Code Signing Key) <antelder@apache.org>
sub 2048g/F6F122B8 2007-06-28

Upload that to a key server using the keyid, eg gpg --send-key 481240F5

Now if you go to http://pgp.surfnet.nl/ you should be able to search for you name and find the uploaded key

Add this key to the KEYS file in the Tuscany SVN: https://svn.apache.org/repos/asf/incubator/tuscany/KEYS
eg, check out the KEYS file then update with:

(gpg --list-sigs antelder@apache.org && gpg --armor --export antelder@apache.org) >> KEYS

website stats