PKP helps you create, sign with and distribute public keys. It is designed to work in concert with PKS.
PKP is based on the work of SDSI, a simple distributed security infrastructure. PKP is meant to lower the technical barrier to using public key cryptography effectively. SDSI leverages Public-key cryptography which gives us the ability to sign data and to some degree, verify it origins.
npm install pkp -gpkp config
certificate as well as attempt to validate it's public key.
pkp sign <package-name> [version]
pkp sign --remote git://github.com/hij1nx/pkp.git
The verify method tries to validate the certificates and their public keys found in a specified pacakge-name or remote.
pkp verify <package-name> [version]
A package should contain a pki.json file which includes an object literal with entries corresponding to each signed version of the package.
Non-repudiation in the Digital Environment http://firstmonday.org/ojs/index.php/fm/article/view/778/687