PGP verification of releases

It would be great if verification of NK firmware releases was easier; e.g. the Downloads page currently doesn’t have the fingerprint and link to the public key of @daringer (Markus Meissner), even though he signs the new Nitropad firmware releases.

FWIW I think the correct fingerprint of that key is CC74 B712 0BFA A36F F428 6872 4C14 49F1 C980 4176, but it would be nice to have confirmation (here, but also on the website and in other places).

For the Nitrokey firmware there is not even a signature file published with the release; it would be nice if there was.

That said, I like your products! Great work!

1 Like

Hey @newNKuser

updated my github profile page to list it: daringer (Markus Meissner) · GitHub

Furthermore, the Nitrokey 3 Firmware has a signed binary inside the (zip) package, which is checked during firmware upload - so that why there is no need for an additional detached sign next to the files.


1 Like