You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: README.md
+36
Original file line number
Diff line number
Diff line change
@@ -61,6 +61,42 @@ Implementation details
61
61
* Optional runtime blinding which attempts to frustrate differential power analysis.
62
62
* The precomputed tables add and eventually subtract points for which no known scalar (secret key) is known, preventing even an attacker with control over the secret key used to control the data internally.
63
63
64
+
Obtaining and verifying
65
+
-----------------------
66
+
67
+
The git tag for each release (e.g. `v0.6.0`) is GPG-signed by one of the maintainers.
68
+
For a fully verified build of this project, it is recommended to obtain this repository
69
+
via git, obtain the GPG keys of the signing maintainer(s), and then verify the release
70
+
tag's signature using git.
71
+
72
+
This can be done with the following steps:
73
+
74
+
1. Obtain the GPG keys listed in [SECURITY.md](./SECURITY.md).
75
+
2. If possible, cross-reference these key IDs with another source controlled by its owner (e.g.
76
+
social media, personal website). This is to mitigate the unlikely case that incorrect
0 commit comments