6,534
edits
Changes
Started
All the packages that are released by OpenVZ project are digitally signed by OpenVZ GPG key. Thus, you can check that those packages are indeed came from OpenVZ.
== Public and private keys ==
There is a pair of keys generated for the purpose of signing and verifying the signature.
'''Private key''' is the key that is available to OpenVZ stuff only and is protected by the passphrase. This key is used for signing the packages, so nobody else but OpenVZ stuff can sign them using this key.
'''Public key''' is the key that is available to everyone and can be obtained from a number of places (e.g. [http://pgp.mit.edu/ MIT keyserver] — search for OpenVZ). Public key is used to verify the signature.
== Checking RPM packages ==
== Checking files ==
[[Category: Infrastructure]]
[[Category: Security]]
== Public and private keys ==
There is a pair of keys generated for the purpose of signing and verifying the signature.
'''Private key''' is the key that is available to OpenVZ stuff only and is protected by the passphrase. This key is used for signing the packages, so nobody else but OpenVZ stuff can sign them using this key.
'''Public key''' is the key that is available to everyone and can be obtained from a number of places (e.g. [http://pgp.mit.edu/ MIT keyserver] — search for OpenVZ). Public key is used to verify the signature.
== Checking RPM packages ==
== Checking files ==
[[Category: Infrastructure]]
[[Category: Security]]