Starting with release 2016, TeX Live provides facilities to verify authenticity of the TeX Live database using cryptographic signatures. For this to work out, a working GnuPG program needs to be available. In particular, either gpg (version 1) or gpg2 (version 2).
To ease adoption of verification, this repository provides a TeX Live package tlgpg that ships GnuPG binaries for Windows and MacOS (universal and x86_64).
For Windows or MacOS users, there are two options: (i) do a one-time installation of the tlgpg package; or (ii) add the tlgpg to the list of local repositories and install gpg.
tlmgr --repository http://www.preining.info/tlgpg/ install tlgpg
There are three steps involved: (i) Tell tlmgr about the new repository:
tlmgr repository add http://www.preining.info/tlgpg/ mytlgpgThe final mytlgpg is a free-form tag (one word) that will be used later. It can be anything reasonable.
(ii) Tell tlmgr that you want to install tlgpg from this repository:
tlmgr pinning add mytlgpg "tlgpg*"(the "quotes" are to protect against possible shell expansion)
(iii) Install tlgpg
tlmgr install tlgpgYou should see a message that tlgpg has been installed.
(not verified)from which you can tell whether the repository was checked against a signature.