Eduard - Gabriel Munteanu <edg...@gmail.com> wrote: > Hi, > > It currently seems impossible to verify downloads from a computer > without OpenBSD, for a few reasons: > > 1. No securely-distributed public key > 2. Lack of signify packages in e.g. Linux distros, or > securely-distributed sources
I have not used them, but signify seems to have been ported to Linux and at least some ports are available. https://github.com/chneukirchen/signify Regarding the key distribution, I suggest you to read Ted's comments on the matter. Many people is just uding the TOFU model with the keys. https://www.openbsd.org/papers/bsdcan-signify.html -- OpenPGP Key Fingerprint: BB5A C2A2 2CAD ACB7 D50D C081 1DB9 6FC4 5AB7 92FA