Roo makes use of GnuPG (http://www.gnupg.org/) to sign add-ons. Signing of add-ons ensures that Roo users download and install only trusted add-ons. The add-on creator module of Roo signs the add-on with his secret PGP key and publishes the public PGP key to a public key server. A Roo user needs to tell Roo explicitly that it trusts an add-on by adding a public PGP key to Roo's key store. This allows Roo to download and install the add-on. If the public PGP key is not added to Roo's key store, the add-on will not be downloaded and installed.
In this recipe, we'll look at how to install GnuPG, create a key-pair (consisting of secret and public keys), and publish the public key to a public key server.