# Pretty Good Privacy (PGP) https://www.wikiwand.com/en/Pretty_Good_Privacy ## Verifying a installer using a PGP Key ### [[Bisq]] has a great guide for verifying their own software https://bisq.wiki/Downloading_and_installing Requires gnupg ``` brew install gnupg ``` Grab Christoph Atteneder (ripcurlx)'s GPG key in a verifiable method: ``` curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import ``` - Using your knowledge that the [[GitHub]] repo is valid, verify that `ripcurlx` on Github wrote the software https://github.com/bisq-network/bisq/commits?author=ripcurlx - Verify that `ripcurlx` on Github attests to his PGP key listed on keybase: https://gist.github.com/ripcurlx/d15505d9cd2256a1ae54e88714062df0 ![[Screen Shot 2021-08-04 at 8.24.08 AM.png]] - Get his PGP key according to Keybase here: https://keybase.io/ripcurlx ![[Screen Shot 2021-08-04 at 8.15.54 AM.png]] With the installer file and installer signature file in the same directory, run: ``` gpg --digest-algo SHA256 --verify <SIGNATURE-FILE>.asc ``` See the results! ![[Screen Shot 2021-08-04 at 8.18.30 AM.png]] ### Verifying [[Mullvad]] installation See [[Mullvad#Verifying Signatures]] ## Securing your PGP key Advice (from Philip) - Leave it on computer - Make it user read/write only using [[chmod]] - Ensure hard drive has full disk encryption