From b0c622da7c0a8bdabb33d63fd0c2d7c2b9df02ef Mon Sep 17 00:00:00 2001
From: Alex Legler <alex@a3li.li>
Date: Thu, 2 Apr 2015 11:09:31 +0200
Subject: Initial version

---
 downloads/signatures/index.html | 74 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 downloads/signatures/index.html

(limited to 'downloads/signatures')
diff --git a/downloads/signatures/index.html b/downloads/signatures/index.html
new file mode 100644
index 0000000..4b12a62
--- /dev/null
+++ b/downloads/signatures/index.html
@@ -0,0 +1,74 @@
+---
+title: 'Release Media Signatures'
+navtitle: 'Signatures'
+nav1: downloads
+nav2: signatures
+nav2-show: true
+---
+
+<p>
+  Our current releases are signed with either of these keys <strong>or any sub keys</strong>:
+</p>
+
+<table class="table table-striped">
+  <tr>
+    <th>Key ID/Type/Fingerprint</th>
+    <th>Description</th>
+    <th>Created</th>
+    <th>Expired</th>
+  </tr>
+  <tr>
+    <td><kbd>0xBB572E0E2D182910</kbd> (4096-bit RSA)<br>
+    <kbd>13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910</kbd></td>
+    <td>Gentoo Linux Release Engineering (Automated Weekly Release Key)</td>
+    <td>2009-08-25</td>
+    <td>2015-08-24</td>
+  </tr>
+  <tr>
+    <td><kbd>0xDB6B8C1F96D8BF6D</kbd> (4096-bit RSA)<br>
+    <kbd>DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D</kbd></td>
+    <td>Gentoo Portage Snapshot Signing Key (Automated Signing Key)</td>
+    <td>2011-11-25</td>
+    <td>2015-11-24</td>
+  </tr>
+  <tr>
+    <td><kbd>0x9E6438C817072058</kbd> (1024-bit DSA)<br>
+    <kbd>D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058</kbd></td>
+    <td>Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key)</td>
+    <td>2004-07-20</td>
+    <td>2016-08-13</td>
+  </tr>
+</table>
+
+<div class="row">
+  <div class="col-xs-12 col-md-8 col-md-offset-2">
+    <div class="panel panel-default">
+      <div class="panel-heading">
+        <h3 class="panel-title"><span class="fa fa-fw fa-check-circle-o"></span> Verifying Files</h3>
+      </div>
+      <div class="panel-body">
+        <p>To verify downloaded files are not tampered with, you need the <tt>.DIGESTS</tt> file matching your release and the matching key from the table above.</p>
+
+        <p>Fetch the key:</p>
+
+        <p><kbd>gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys &lt;key id&gt;</kbd></p>
+
+        <p>Verify the <tt>DIGESTS</tt> file:</p>
+
+        <p><kbd>gpg --verify &lt;foo.DIGESTS.asc&gt;</kbd></p>
+
+        <p>Verify the download matches the digests. At least one of the following will exist:</p>
+
+        <p><kbd>sha512sum -c &lt;foo.DIGESTS.asc&gt;</kbd></p>
+        <p><kbd>sha256sum -c &lt;foo.DIGESTS.asc&gt;</kbd></p>
+        <p><kbd>sha1sum -c &lt;foo.DIGESTS.asc&gt;</kbd></p>
+
+        <br>
+
+        <div class="alert alert-info">
+          Detailed instructions are available in the <a href="https://wiki.gentoo.org/wiki/Handbook:Main_Page" class="alert-link">Gentoo Handbook</a>.
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
\ No newline at end of file
-- 
cgit v1.2.3


Key ID/Type/Fingerprint	Description	Created	Expired
`0xBB572E0E2D182910` (4096-bit RSA) + `13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910`	Gentoo Linux Release Engineering (Automated Weekly Release Key)	2009-08-25	2015-08-24
`0xDB6B8C1F96D8BF6D` (4096-bit RSA) + `DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D`	Gentoo Portage Snapshot Signing Key (Automated Signing Key)	2011-11-25	2015-11-24
`0x9E6438C817072058` (1024-bit DSA) + `D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058`	Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key)	2004-07-20	2016-08-13