I have created a feature request about signing with minisign

Event this topic was discussed on the list ~07.2018 I think we can start a new
discussion with the tool minisign which is easier to handle then gpg.


The arguments in the past are still valid but the difference is that the tool
makes the setup and the signing much easier, AFAIK.

The Issues about the private key for signing can be handled in that way that the
key is only valid for signing the package and the usage is straightforward.

What I have in mind.

1. Step create key
minisign -G -s ~/.haproxy-signing/haproxy-source.key -p

2. Step sign package
echo ${SIG_PASS}|minisign -Sm haproxy-$NEW.tar.gz -s
~/.haproxy-signing/haproxy-source.key -x haproxy-$NEW.tar.gz.minisig

3. Step verify tar.gz
minisign -Vm haproxy-$NEW.tar.gz -P


Best regards

Reply via email to