add gpg verification to installation.md

PIVX-Project · Nov 19, 2018 · 7501e69 · 7501e69
1 parent 5abc252
commit 7501e69
Showing 1 changed file with 37 additions and 1 deletion.
diff --git a/docs/installation.md b/docs/installation.md
@@ -18,7 +18,43 @@ python3 spmt.py
 <br>
 
 
-#### Setting up the Masternode VPS
+#### Verifying the binaries
+It's always advised to use the provided signature *asc* files to verify the authenticity of the downloaded package and confirm it has been signed by the author (Keybase user: [random_zebra](https://keybase.io/random_zebra/)).
+
+__To verify the signature (with keybase app)__:
+```
+keybase pgp verify -d <detached signature file> -i <downloaded archive> -S random_zebra
+```
+e.g.
+```
+keybase pgp verify -d SPMT-v0.3.2a-x86_64-gnu_linux.tar.gz.asc -i SPMT-v0.3.2a-x86_64-gnu_linux.tar.gz -S random_zebra
+```
+
+__To verify it (without keybase app)__:
+- Download signing key
+
+```
+curl https://keybase.io/random_zebra/pgp_keys.asc?fingerprint=ed501a1c26ce0733c33d6b00e7d8bf3b03d710a1 > random_zebra-PUBKEY.asc
+```
+- Import key 
+
+```
+gpg --import random_zebra-PUBKEY.asc
+```
+- Verify the downloaded archive with its detached signature file:
+
+```
+gpg --verify <detached signature file> <downloaded archive>
+```
+
+e.g.
+```
+gpg --verify SPMT-v0.3.2a-x86_64-gnu_linux.tar.gz.asc SPMT-v0.3.2a-x86_64-gnu_linux.tar.gz
+```
+
+<br>
+
+### Setting up the Masternode VPS
 
 To setup the remote node follow the steps described here:
 [VPS Setup Guide](vpsguide.md)