Can you help me to find your public gpg key?
I can only see: 868184069239FF65DE0BCD7D D9BAE35991DE5B22
szczepan@nitrokey.com
How can I get the public key to verify the sha256sum.txt from this?
Any quick steps/tips would be greatly appreciated.
Hi!
While describing the release artifacts I sometimes forget to include proper instructions for verifying the binaries and, related to that, fetching the key. Let’s answer all the related questions here.
The key is available e.g. here:
- https://keys.openpgp.org/vks/v1/by-fingerprint/868184069239FF65DE0BCD7DD9BAE35991DE5B22
It can be imported automatically with:
gpg2 --receive-keys 868184069239FF65DE0BCD7DD9BAE35991DE5B22
# or directly from a URL if needed
gpg2 --fetch-keys "https://keys.openpgp.org/vks/v1/by-fingerprint/868184069239FF65DE0BCD7DD9BAE35991DE5B22"
Signatures can be verified with:
gpg2 --verify sha256sum.txt.sig
And with that confirmed, we can finally verify the hash sums:
sha256sum --check sha256sum.txt
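Added example, not part of the original posts and not Nitrokey's own tooling: `gpg2 --verify` reports a good signature for any key in the keyring, so a scripted check should also confirm that the signer is the fingerprint quoted in this thread. The function names and the sample status lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pin the signer's fingerprint when verifying sha256sum.txt.sig.
# The fingerprint is the one quoted in the thread; function names are hypothetical.
EXPECTED_FPR="868184069239FF65DE0BCD7DD9BAE35991DE5B22"

# Reads `gpg --status-fd` output on stdin. Succeeds only if a VALIDSIG line
# names the wanted fingerprint as the signing key (field 3) or as its
# primary key (last field, which differs when a subkey made the signature).
signed_by_expected_key() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            if (toupper($3) == want || toupper($NF) == want) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# Full check; run it in the directory holding sha256sum.txt and
# sha256sum.txt.sig, after importing the key as shown in the thread.
verify_release() {
    _status=$(gpg2 --status-fd 1 --verify sha256sum.txt.sig sha256sum.txt 2>/dev/null) || return 1
    printf '%s\n' "$_status" | signed_by_expected_key "$EXPECTED_FPR" || return 1
    sha256sum --check sha256sum.txt
}

# Constructed sample status output (dates, algorithm ids and names are made up).
SAMPLE_GOOD='[GNUPG:] GOODSIG D9BAE35991DE5B22 Example Signer
[GNUPG:] VALIDSIG 868184069239FF65DE0BCD7DD9BAE35991DE5B22 2024-01-01 1704067200 0 4 0 1 8 00 868184069239FF65DE0BCD7DD9BAE35991DE5B22'
SAMPLE_OTHER='[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704067200 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_GOOD" | signed_by_expected_key "$EXPECTED_FPR" \
    && echo "sample 1: signed by the expected key"
printf '%s\n' "$SAMPLE_OTHER" | signed_by_expected_key "$EXPECTED_FPR" \
    || echo "sample 2: valid signature, but from a different key"
```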