| bigbiff bigbiff | 354146a | 2016-12-05 18:36:49 -0500 | [diff] [blame^] | 1 | --- |
| 2 | layout: post |
| 3 | title: "How do I verify TWRP files with PGP?" |
| 4 | --- |
| 5 | |
| 6 | Recently we implemented signing TWRP files with OpenPGP for security minded people who want to verify |
| 7 | the repudiation of twrp.me files. You can read more about OpenPGP <a href="http://openpgp.org/about/">here</a> |
| 8 | |
| 9 | To verify a file, you will need to install our <a href="https://dl.twrp.me/public.asc">public key</a> into |
| 10 | your keyring. The public key is also listed on each device's download page. Please download the key to a new file. |
| 11 | When you click on the page, you will see a link for the PGP verification file as |
| 12 | "Download PGP Signature twrp-device-version.type.asc. This file is in binary format and is created using our |
| 13 | private key the first time the download page is created for the file. You can then perform |
| 14 | the following steps to verify repudiation (Linux steps only): |
| 15 | |
| 16 | <ol> |
| 17 | <li><pre>gpg --import twrp-public.asc</pre></li> |
| 18 | <li><pre>gpg --verify twrp-device-version.type.asc twrp-device-version.type</pre></li> |
| 19 | </ol> |
| 20 | |
| 21 | For Windows, please find a OpenPGP implementation and read the documentation to perform these steps. |