Creating keys for package signing: Difference between revisions

From Alpine Linux
(initial doc for how to create developer keys)
 
No edit summary
Line 5: Line 5:


== Create the private key ==
== Create the private key ==
  pre>openssl genrsa 2048 -out ''emailaddress.priv''
  openssl genrsa 2048 -out ''emailaddress.priv''
 
Append -aes256 if you want it encrypted, but then you'll need to enter the password for every package you sign.
Append -aes256 if you want it encrypted, but then you'll need to enter the password for every package you sign.


== Creating the public key ==
== Creating the public key ==
  openssl rsa -in ''emailaddress.priv'' -pubout -out /etc/apk/keys/''emailaddress''
  openssl rsa -in ''emailaddress.priv'' -pubout -out /etc/apk/keys/''emailaddress''

Revision as of 12:51, 21 July 2009

Creating keys for package signing

This document describes how to create a pulibc and a private key for signing of packages and indexes. The public key should be distributed and installed into /etc/apk/keys on the alpien box that will install the packages. This basicly means that the main developers public keys should be in /etc/apk/keys on all alpine boxes.

Since the public key needs to be unique for each developer the email address should be used as name for the public key.

Create the private key

openssl genrsa 2048 -out emailaddress.priv

Append -aes256 if you want it encrypted, but then you'll need to enter the password for every package you sign.

Creating the public key

openssl rsa -in emailaddress.priv -pubout -out /etc/apk/keys/emailaddress