antivir.gpg - AntiVir PGP Public Key

AntiVir supports GnuPG to verify the authenticity of files downloaded using
the internet updater. In order to make use of this feature (which is
highly recommended), you will need to take the following steps. These
only need to be done once.


1. You need GnuPG. You can download it from the GnuPG website
   (http://www.gnupg.org). If you are new to GnuPG and PGP, it is recommended
   that you read over the GnuPG Handbook and learn the concepts of PGP and
   how it can be safely and securely used.


2. You need your own PGP key. If you don't have one, then you can generate
   one. Again, please read over the GnuPG handbook if you are not already
   familiar with GnuPG and PGP.


3. You need to add the AntiVir PGP Public Key to your keyring.
   Note: Each user has its own keyring, so you will need to do this step
         for EACH user that may be doing updates. For example, most
	 (if not all) the updates will be done as root.

   gpg --import antivir.gpg


4. You should check the key's fingerprint to make sure that it is indeed
   the AntiVir PGP Public Key.

   gpg --fingerprint build@avira.com

   This will show the 40-character fingerprint. Make sure it matches
   the fingerprint displayed on the AntiVir web site (it can be
   found on any of the download pages) or you could verify the
   fingerprint with a friend, who is known to already be using GnuPG
   with AntiVir.


5. You need to sign the AntiVir PGP Public Key. This is how you declare
   that you trust that this is a valid key.

   gpg --sign-key build@avira.com


6. You should verify that everything is set up correctly. You can do this
   by checking the fingerprint on the "antivir" binary. Go into the "bin"
   directory from the installation files and you should see two files:

   antivir  antivir.asc

   Check the signature with:

   gpg --verify antivir.asc antivir

   If everything checks out ok, then you are ready to use GnuPG with the
   AntiVir internet updater.


7. Activate GnuPG in AntiVir by adding the GnuPGBinary directive to the
   /etc/avupdater.conf file. This directive takes as argument the full path
   to your GnuPG binary. Typically it would look like this:

   GnuPGBinary /usr/local/bin/gpg


Note: Currently only engine or program updates utilize GnuPG. VDF file
      updates will not use GnuPG. This will be changed soon.
