Pretty Good Privacy (PGP) is used to sign or verify files or emails. For DragonFly there exist three different ports that implement PGP functionality:
- security/pgp
- security/netpgp
- security/gnupg
Only the latter really worked for me. For instance, my public key created with pgp could not be imported on another system, which I assume was using GnuPGP. So I stick with security/gnupg and describe below how to use it to create a key and how to sign and verify binary data.
Creating a key
gpg --gen-key
Then follow the instructions. To show the fingerprint of your key, use:
gpg --fingerprint youremailaddress
Exporting your public key
gpg --export --armor youremailaddress > mykey.asc
You can then send mykey.asc to someone or put it on your homepage for others to download.
Signing a binary file
To generate a detached signature for snapshot.tar.gz:
gpg --armor --detach-sign snapshot.tar.gz
This will create snapshot.tar.gz.asc.
Verify a signed file
To verify the signature from the last step use:
gpg --verify snapshot.tar.gz.asc snapshot.tar.gz
If successful, this should show something similar to:
gpg: Good signature from "Michael ...."