Source code
Verifying Signed Packages

After downloading a package, check that the SHA-256 checksum matches the package's .md5 file. PerCGI packages are signed by Julien Nadeau Carriere (vedge@csoft.net). Get this KEYS file along with the package's .asc signature, and verify using a tool such as gpg:

  $ wget https://libagar.org/KEYS
  $ gpg --import KEYS

  $ wget https://stable.hypertriton.com/percgi/percgi-1.0.tar.gz.asc
  $ gpg --verify percgi-1.0.tar.gz.asc

The fingerprints should match:

71AB 5949 2159 9198 AD5E  587C 33CA 9C83 A9EE 5206
D810 5851 EA43 4F14 BB9C  7A17 9417 3E3D E08C 7015
Csoft.net ElectronTubeStore