How to verify release #993

freddiemacd · 2021-03-02T22:26:59Z

freddiemacd
Mar 2, 2021

I'm new to gpg and I feel like I'm missing something.

How do I properly verify the release on Ubuntu?

First i did

wget https://github.com/cryptoadvance/specter-desktop/releases/download/v1.2.2/specter_desktop-v1.2.2-x86_64-linux-gnu.tar.gz

Then I did,

wget https://stss-specter-release.asc

I then,

gpg --import ss-specter-release.asc

and I saw the expected output.

What next, to be sure the file was signed by that key?

ben-kaufman · 2021-03-04T08:13:20Z

ben-kaufman
Mar 4, 2021

Hi, now you should just run:

wget https://github.com/cryptoadvance/specter-desktop/releases/download/v1.2.2/sha256.signed.txt
gpg --verify sha256.signed.txt
sha256sum -c sha256.signed.txt specter_desktop-v1.2.2-x86_64-linux-gnu.tar.gz | grep OK

And make sure you have an OK there in the output of the last command (and that the verify command passes successfully)

0 replies

freddiemacd · 2021-03-05T19:55:37Z

freddiemacd
Mar 5, 2021
Author

Thank you for that. It has helped me to understand gpg more and to verify your software.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How to verify release #993

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

How to verify release #993

freddiemacd Mar 2, 2021

Replies: 2 comments

ben-kaufman Mar 4, 2021

freddiemacd Mar 5, 2021 Author

freddiemacd
Mar 2, 2021

ben-kaufman
Mar 4, 2021

freddiemacd
Mar 5, 2021
Author