This repository and its contained programs are not part of TeX Live, nor are they affiliated with the TeX Users Group (TUG) or any other TeX user group.
To ease adoption of verification, this repository provides a TeX Live package tlgpg that ships GnuPG binaries for Windows and MacOS (universal and x86_64). It is hosted as part of texlive.info.
Starting with the TeX Live 2016 release, TeX Live provides facilities to verify authenticity of the TeX Live database using cryptographic signatures. For this to work, a working GnuPG program needs to be available; either gpg (version 1) or gpg2 (version 2).
GnuPG (GNU Privacy Guard)'s own web site is gnupg.org; it provides distributions in both source and binary form and plenty of documentations.
If you are not running Windows or MacOS, there is no need to read this page and/or to install tlgpg. Please install GnuPG over the usual channels of your distribution.
For Windows or MacOS users, there are two options: (i) do a one-time installation of the tlgpg package; or (ii) add the tlgpg repository to the list of local repositories and install gpg for the sake of possible future updates.
This is the simplest case and suffices to install the necessary packages for verification:
tlmgr --repository http://www.texlive.info/tlgpg/ install tlgpg
Alternatively, tlmgr can handle several repositories at the same time, and this method guarantees that future updates to a package installed from a secondary repository are also installed.
There are three steps involved:
tlmgr repository add http://www.texlive.info/tlgpg/ mytlgpgThat final word mytlgpg is a free-form tag (one word) that will be used later. It can be anything reasonable.
tlmgr pinning add mytlgpg "tlgpg*"
tlmgr install tlgpgYou should then see a message that tlgpg has been installed.
The sources of the programs are available here.
Please contact me by email.