Create a code signing keyInstall GNU GPG Create a gpg config file eg c:\gpg\conf\gpg.conf with this contents: utf8-strings keyserver x-hkp://pgp.surfnet.nl/ default-cert-check-level 3 keyserver-options auto-key-retrieve include-subkeys no-mangle-dos-filenames no-secmem-warning Set the GNUPGHOME environment var to point to that: set GNUPGHOME=\gpg\conf gpg --gen-key accept all defaults, use your apache email and a comment like "Code Signing Key", eg: Real name: Ant Elder Email address: antelder@apache.org Comment: Code Signing Key Use long hard to guess passphrase with numbers and miss spellings etc now should be able to show that key with: gpg --list-keys C:\>gpg --list-keys /gpgtest/conf\pubring.gpg ------------------------- pub 1024D/481240F5 2007-06-28 uid Ant Elder (Code Signing Key) <antelder@apache.org> sub 2048g/F6F122B8 2007-06-28 Upload that to a key server using the keyid, eg gpg --send-key 481240F5 Now if you go to http://pgp.surfnet.nl/ Image Added you should be able to search for you name and find the uploaded key Add this key to the KEYS file in the Tuscany SVN: https://svn.apache.org/repos/asf/incubator/tuscany/KEYS Image Added eg, check out the KEYS file then update with: (gpg --list-sigs antelder@apache.org && gpg --armor --export antelder@apache.org) >> KEYS |