@cindex package signing
The maintainers of package archives can increase the trust that you
can have in their packages by @dfn{signing} them. They generate a
-private/public pair of crytopgraphic keys, and use the private key to
+private/public pair of cryptographic keys, and use the private key to
create a @dfn{signature file} for each package. With the public key, you
can use the signature files to verify who created the package, and
that it has not been modified. A valid signature is not a cast-iron
package that is not signed. If you use some archives that do not sign
their packages, you can add them to the list @code{package-unsigned-archives}.
- For more information on crytopgraphic keys and signing,
+ For more information on cryptographic keys and signing,
@pxref{Top,, Top, gnupg, The GNU Privacy Guard Manual}.
Emacs comes with an interface to GNU Privacy Guard,
@pxref{Top,, EasyPG, epa, Emacs EasyPG Assistant Manual}.
well-maintained and keep the hosting system secure.
One way to increase the security of your packages is to @dfn{sign}
-them using a crytopgraphic key. If you have generated a
+them using a cryptographic key. If you have generated a
private/public gpg key pair, you can use gpg to sign the package like
this:
your public key to verify the signatures.
A full explanation of these matters is outside the scope of this
-manual. For more information on crytopgraphic keys and signing,
+manual. For more information on cryptographic keys and signing,
@pxref{Top,, GnuPG, gnupg, The GNU Privacy Guard Manual}. Emacs comes
with an interface to GNU Privacy Guard, @pxref{Top,, EasyPG, epa,
Emacs EasyPG Assistant Manual}.