
Ensure security chain of RskJ source code

Martin Medina edited this page May 19, 2017 · 13 revisions

For Linux-based operating systems (Ubuntu, for example), installing gnupg-curl is recommended so that the key can be downloaded over HTTPS.

Download the RSK Release Signing Key public key.

We recommend using GPG v1 because GPG v2 has a bug when importing over HTTPS.

$ gpg --keyserver https://secchannel.rsk.co/release.asc --recv-keys 5DECF4415E3B8FA4
gpg: requesting key 5E3B8FA4 from https server secchannel.rsk.co
gpg: key 5E3B8FA4: public key "RSK Release Signing Key <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

Verify the downloaded key fingerprint

$ gpg --finger 5DECF4415E3B8FA4
pub   4096R/5E3B8FA4 2017-05-16 [expires: 2022-05-15]
      Key fingerprint = 1A92 D894 2171 AFA9 51A8  5736 5DEC F441 5E3B 8FA4
uid                  RSK Release Signing Key <[email protected]>
sub   4096R/A44DCC86 2017-05-16 [expires: 2022-05-15]
sub   4096R/5E488E87 2017-05-16 [expires: 2022-05-15]
sub   4096R/9FC3E7C2 2017-05-16 [expires: 2022-05-15]

Move to the root directory where the code was downloaded

Verify the SHA256SUMS.asc signature

$ gpg2 --verify SHA256SUMS.asc 
gpg: Signature made mar 16 may 2017 16:47:56 ART
gpg:                using RSA key 0x67D06695A44DCC86
gpg: Good signature from "RSK Release Signing Key <[email protected]>" [ultimate]
Primary key fingerprint: 1A92 D894 2171 AFA9 51A8  5736 5DEC F441 5E3B 8FA4
     Subkey fingerprint: D135 DDC0 B54D 6EF3 5901  52DF 67D0 6695 A44D CC86

Verify the configure.sh script

Linux:

$ sha256sum --check SHA256SUMS.asc 
configure.sh: OK
sha256sum: WARNING: 19 lines are improperly formatted

macOS:

$ shasum --check SHA256SUMS.asc
configure.sh: OK
sha256sum: WARNING: 19 lines are improperly formatted

Run the configure script to set up the secure environment.

$ ./configure.sh
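
The verification steps above, combined into one script as an added example (not RSK's own tooling; the function names are hypothetical). It compares the signer's primary key fingerprint with the one printed on this page by machine rather than by eye, and checks configure.sh against the text gpg actually verified instead of every hash-like line in SHA256SUMS.asc. It assumes SHA256SUMS.asc is a clearsigned file.

```shell
#!/bin/sh
# Added example, not RSK's own tooling. Function names are hypothetical.
# Pinned primary key fingerprint, as printed on this page (spaces removed).
RSK_FPR="1A92D8942171AFA951A857365DECF4415E3B8FA4"

# stdin: gpg status output. Succeeds only if a VALIDSIG record ends with the
# pinned primary key fingerprint. VALIDSIG is the status record that carries
# the full fingerprints of the signing key and its primary key.
signed_by_pinned_key() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($NF "") == (want "") { ok = 1 }
        END { exit !ok }'
}

# $1: file holding the text gpg verified, $2: directory with configure.sh.
# Requires exactly one configure.sh entry, then checks its SHA-256.
check_configure() {
    [ "$(grep -c '[ *]configure\.sh$' "$1")" -eq 1 ] || return 1
    grep '[ *]configure\.sh$' "$1" | (cd "$2" && sha256sum -c)
}

# Run from the root of the downloaded source tree.
# Assumption: SHA256SUMS.asc is clearsigned, so --decrypt emits the signed text.
verify_release() {
    tmp=$(mktemp -d) || return 1
    gpg --batch --status-file "$tmp/status" --output "$tmp/sums" \
        --decrypt SHA256SUMS.asc &&
        signed_by_pinned_key "$RSK_FPR" < "$tmp/status" &&
        check_configure "$tmp/sums" .
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then verify_release; fi
```

On macOS, replace `sha256sum -c` with `shasum -a 256 -c`.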