First you need to create a pair of GPG keys. A nice GUI tool for this is KGpg. This is included with recent KDE-Utils.
If you haven’t used KGpg before, execing kgpg starts the “KGpg Wizard”. Follow the instructions to generate your key pair. Suggestions for key length and other properties? I’ve used the default settings: 1024 and DSA/ElGamal.
After the wizard, export your public key to a file. Use
KeyManager --import key.asc to import the public key to Gobo’s system keyring.
Now you can use
CreatePackage --sign and
SignProgram to create signed
Private keys are kept in the users
/.gnupg/keyrings. Public keys, used for
verification, are kept in
Resources/FileHash is a text file containing the md5sums for each file.
Resources/FileHash.sig is the gpg signature for