gpggpg is the Apache recommended client to create and manage these keys.On a Mac:
brew install gpg
On Windows:
???
Create a new key with
Use this command
gpg --gen-key
(more elaborate instructions at http://www.apache.org/dev/openpgp.html#generate-key + http://www.apache.org/dev/openpgp.html#generation-final-steps)
Look at your keyring:
gpg --list-sigs --fingerprint
Example Output:
pub 4096R/8A496450 2014-02-27
Key fingerprint = B998 A96C 4DAA 821A 9C3A FA5C E28E 332A 8A49 6450
uid Andrew Grieve (CODE SIGNING KEY) <agrieve@apache.org>
sig 3 8A496450 2014-02-27 Andrew Grieve (CODE SIGNING KEY) <agrieve@apache.org>
sub 4096R/A59029E7 2014-02-27
sig 8A496450 2014-02-27 Andrew Grieve (CODE SIGNING KEY) <agrieve@apache.org>
In this example, 8A496450 is your key ID. Set it to a environment variable:
KEY_ID=8A496450
(Or on Windows: set KEY_ID=8A496450. Everywhere you see $KEY_ID from now on, use %KEY_ID% instead)
Publish to dist/KEYS:
# Clone `cordova-dist` if you don't have it already: coho repo-clone -r dist # Append your key to the KEYS file gpg --armor --export $KEY_ID >> cordova-dist/KEYS # Make sure that's the only change to the file ( cd cordova-dist && svn diff ) # Commit ( cd cordova-dist && svn commit -m "Added my signing PGP key to KEYS" )
See committer subversion access for information how to access SVN (TLDR: add --username=... to the svn commit command if needed).
Publish to keys.gnupg.net
gpg --keyserver hkp://keys.gnupg.net --send-keys $KEY_ID
Visit http://pgp.mit.edu/ and paste in result of:
// Mac gpg --armor --export $KEY_ID | pbcopy // Windows gpg --armor --export $KEY_ID | clip
Copy to your Apache homedir:
gpg --armor --export $KEY_ID > $KEY_ID.asc scp $KEY_ID.asc people.apache.org:
Sign into: https://id.apache.org/ and add your fingerprint (not your KEY_ID). This will cause emails from Apache to you to be encrypted.
curl "https://people.apache.org/keys/group/cordova.asc" | gpg --import
Import any extra committer's keys via:
curl "https://dist.apache.org/repos/dist/release/cordova/KEYS" | gpg --import