How to verify release

[freddiemacd]

I'm new to gpg and I feel like I'm missing something.

How do I properly verify the release on Ubuntu?

First i did

wget https://github.com/cryptoadvance/specter-desktop/releases/download/v1.2.2/specter_desktop-v1.2.2-x86_64-linux-gnu.tar.gz

Then I did,

wget https://stss-specter-release.asc

I then,

gpg --import ss-specter-release.asc

and I saw the expected output.

What next, to be sure the file was signed by that key?

[ben-kaufman]

Hi, now you should just run:

wget https://github.com/cryptoadvance/specter-desktop/releases/download/v1.2.2/sha256.signed.txt
gpg --verify sha256.signed.txt
sha256sum -c sha256.signed.txt specter_desktop-v1.2.2-x86_64-linux-gnu.tar.gz | grep OK

And make sure you have an OK there in the output of the last command (and that the verify command passes successfully)

[freddiemacd]

Thank you for that. It has helped me to understand gpg more and to verify your software.