Verifying Archives ------------------ Archives created prior to December 1, 2022 can be verified in one of two ways: 1. Each .tar.gz archive is signed inline with signify(1) and can be verified (using the -z flag) against the public key located at https://www.danielmoch.com/static/djmoch-signify.pub 2. Using the .sig file corresponding to an archive, verification can be done with gpg(1) against the public key located at https://www.danielmoch.com/static/gpg.asc Archives created on or after December 1, 2022 will only be signed with signify(1), and not with gpg(1). To support the use of minisign(1), which is compatable with signify, detached signatures will be created. signify(1)/minisign(1) signature files are indicated with a .minisig extension.