forked from zlatinb/muwire
-
Notifications
You must be signed in to change notification settings - Fork 0
GPG Signatures
danrobi11 edited this page Nov 10, 2020
·
1 revision
The binaries distributed on https://muwire.com are signed. The Windows and Mac binaries are signed with developer certificates, so they will not be covered in this document. The various binaries for Linux are signed with GPG, and you can verify them the following way:
Before you can verify you need to import the GPG key which you can find at https://keybase.io/zlatinb
The Linux AppImage has a GPG signature embedded in it. To validate, you need to build the validate tool from source, which is available at https://github.com/AppImage/AppImageKit/.
Download the MuWire-x.y.z.zip or MuWire-cli-x.y.z.tar as well as the GPG signature files. Then execute gpg --verify passing the signature and the binary as arguments:
gpg --verify MuWire-0.6.6.zip.sig MuWire-0.6.6.zip
gpg: Signature made Sat Nov 16 19:23:33 2019 EET using RSA key ID 2D525E41
gpg: Good signature from "Zlatin Balevsky (Personal key) <[email protected]>"