GPG for ASDF-Install developers
GPG instructions for ASDF-Install users can be found at ASDF-Install and GPG.

To make a package available for installation with ASDF-Install you need to sign it with a pgp public key. This page walks you through the process. It is assumed that you understand the basic principles of public-key crypto systems, but don't know how to properly operate gpg.

Creating a keypair

Do this on a machine that you control, not a server. You are creating a keypair for your online Lisp-author persona. To allow others to associate your public key with your online persona (and in order for you to associate the corresponding private key with this persona), you need to identify yourself with three pieces of information: a name, an e-mail address, and a comment. For your name and e-mail address, you should use the name and e-mail associated with your online persona. If you routinely change e-mail addresses, pick a permanent one to use here. The comment allows you to further identify the persona associated with this key -- for example, you may wish to say something like for signing lisp software only if you don't wish people to send you encrypted e-mail using this key.

The last thing you need to do is pick a passphrase. Write it down and keep it somewhere safe. You might think you will remember it, but if you don't use it for a year and forget the password it's embarassing for you and annoying for the Lisp community. Just write it down.

gpg --gen-key

You will be asked for all the information above, and when it's all over you will have a new public/private keypair in your gpg keyring.

Sharing your public key

Now you need to make a pubkey.asc file containing your public key so others can check signatures against it. In this example we'll assume you used the e-mail address lispnik@example.com.

gpg -o pubkey.asc --armor --export lispnik@example.com

To double-check that you exported the correct key, you can try re-importing it:

gpg --import pubkey.asc

Gpg should say that it processed one key, and will tell you the identity of the key. If it says something else, remove the file, and try exporting again.

Now, put this file somewhere public where others will be able to find it, such as a keyserver.

To learn how to make your systems ASDF-installable, see ASDF-Install.


document howto