Skip to content

Verify Maddy signature #726

Answered by foxcpp
superpestro asked this question in Q&A
Sep 7, 2024 · 1 comments · 1 reply
Discussion options

You must be logged in to vote

Release artifacts are signed using PGP key 3197BBD95137E682A59717B434BB2007081396F4, available at public key server openpgp.org: https://keys.openpgp.org/vks/v1/by-fingerprint/3197BBD95137E682A59717B434BB2007081396F4
You need to download and import the key using gpg --import command. Then you should be able to run the verification command e.g. gpg --verify maddy-0.7.1-src.tar.zst.sig.

Possible output:

gpg: assuming signed data in 'maddy-0.7.1-src.tar.zst'
gpg: Signature made Wed Jan 24 00:39:00 2024 MSK
gpg:                using EDDSA key FEAAFB6CEB3713B86EA36D5F5B991F6215D2FCC0
gpg: Good signature from "Max Mazurov <fox.cpp@disroot.org>" [unknown]    <------ Signature is valid.
gpg: WARN…

Replies: 1 comment 1 reply

Comment options

You must be logged in to vote
1 reply
@superpestro
Comment options

Answer selected by superpestro
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants