Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: document release signing and verification
Fixes #7257
- Loading branch information
Showing
5 changed files
with
307 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,138 @@ | ||
This file contains the PGP keys that are and have been used to sign | ||
rclone releases. | ||
|
||
Users: pgp < KEYS | ||
or | ||
gpg --import KEYS | ||
|
||
Developers: | ||
pgp -kxa <your name> and append it to this file. | ||
or | ||
(pgpk -ll <your name> && pgpk -xa <your name>) >> this file. | ||
or | ||
(gpg --list-sigs <your name> && gpg --armor --export <your name>) >> this file. | ||
|
||
pub dsa1024 2001-09-27 [SCA] | ||
FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA | ||
uid [ultimate] Nick Craig-Wood <nick@craig-wood.com> | ||
sig 3 93935E02FF3B54FA 2001-09-27 Nick Craig-Wood <nick@craig-wood.com> | ||
sig 3 93935E02FF3B54FA 2020-02-03 Nick Craig-Wood <nick@craig-wood.com> | ||
sig 3 93935E02FF3B54FA 2001-09-27 Nick Craig-Wood <nick@craig-wood.com> | ||
sig A54E275E4248E016 2019-11-04 [User ID not found] | ||
sig CB0DBEBC5F32C81D 2023-09-03 Nick Craig-Wood <nick@craig-wood.com> | ||
sub elg2048 2001-09-27 [E] | ||
sig 93935E02FF3B54FA 2001-09-27 Nick Craig-Wood <nick@craig-wood.com> | ||
|
||
pub rsa4096 2022-09-16 [SC] | ||
E3B358DC858FB307F48170B9CB0DBEBC5F32C81D | ||
uid [ultimate] Nick Craig-Wood <nick@craig-wood.com> | ||
sig 3 CB0DBEBC5F32C81D 2022-09-16 Nick Craig-Wood <nick@craig-wood.com> | ||
sig 93935E02FF3B54FA 2023-09-03 Nick Craig-Wood <nick@craig-wood.com> | ||
sub rsa4096 2022-09-16 [E] | ||
sig CB0DBEBC5F32C81D 2022-09-16 Nick Craig-Wood <nick@craig-wood.com> | ||
|
||
-----BEGIN PGP PUBLIC KEY BLOCK----- | ||
|
||
mQGiBDuy3V0RBADVQOAF5aFiCxD3t2h6iAF2WMiaMlgZ6kX2i/u7addNkzX71VU9 | ||
7NpI0SnsP5YWt+gEedST6OmFbtLfZWCR4KWn5XnNdjCMNhxaH6WccVqNm4ALPIqT | ||
59uVjkgf8RISmmoNJ1d+2wMWjQTUfwOEmoIgH6n+2MYNUKuctBrwAACflwCg1I1Q | ||
O/prv/5hczdpQCs+fL87DxsD/Rt7pIXvsIOZyQWbIhSvNpGalJuMkW5Jx92UjsE9 | ||
1Ipo3Xr6SGRPgW9+NxAZAsiZfCX/19knAyNrN9blwL0rcPDnkhdGwK69kfjF+wq+ | ||
QbogRGodbKhqY4v+cMNkKiemBuTQiWPkpKjifwNsD1fNjNKfDP3pJ64Yz7a4fuzV | ||
X1YwBACpKVuEen34lmcX6ziY4jq8rKibKBs4JjQCRO24kYoHDULVe+RS9krQWY5b | ||
e0foDhru4dsKccefK099G+WEzKVCKxupstWkTT/iJwajR8mIqd4AhD0wO9W3MCfV | ||
Ov8ykMDZ7qBWk1DHc87Ep3W1o8t8wq74ifV+HjhhWg8QAylXg7QlTmljayBDcmFp | ||
Zy1Xb29kIDxuaWNrQGNyYWlnLXdvb2QuY29tPohXBBMRAgAXBQI7st1dBQsHCgME | ||
AxUDAgMWAgECF4AACgkQk5NeAv87VPoPswCfaetrHxFhv6vpjadYWc6tyAZJHD4A | ||
n2IfppvFB0vdOFgYBz/+u/6rN4p1iHEEExEIADEFCwcKAwQDFQMCAxYCAQIXgBYh | ||
BPv3N+zp+KsYYEvSrJOTXgL/O1T6BQJeODZSAhkBAAoJEJOTXgL/O1T6WaYAniMf | ||
kXJQvNK2OKy5O8ctNXPobjh5AJ9pHlAZkU+x56cTmJzZZ5BwFya2gYhXBBMRAgAX | ||
BQI7st1dBQsHCgMEAxUDAgMWAgECF4AACgkQk5NeAv87VPoPswCgwDDvPZfRHenT | ||
ca1r22pCum0FSlkAniLGFmVYPIcnMMF9OxQ6wBy34oZGiQIzBBABCgAdFiEEje07 | ||
Kgm0YIzmpewHpU4nXkJI4BYFAl3Ap2EACgkQpU4nXkJI4BYFjw//Y3MtrkqtACWp | ||
idlcLHRYpU+e17dhsZBP2afq56/B2zXFvtYnH0QyGN/YDjHMfK6Zi2Xxem7jg8ww | ||
qH9s7eBAJUwbM6oAuhvQfdqpLCygAAep1ZKhuguSEUvJjoajqPQNjJE/aqini4Es | ||
fnEVuK+y9L+smQvtFFx9U+PV7l6Z9WE3SFYtFvjUBL3FeaIfh36fUyj4xXR17Guj | ||
ADtTHiWR4xElJ16NCj2VhfbE2wxoG2/SHDfHpzjW3B/pRJZOCOvJZcrtZRNqruff | ||
8JGvLObswTlNiTn9rjc5lCPkMhnEke5i20BIymlPMlaNCE64AkkB/FDFed69b7u8 | ||
R1E1LivBL0qoXIt1s8E+UW9ADBCxwloFeHroZhDPs6Y00EK+hGSJonB1pzguVc0u | ||
MA9v9Gfcx099KQbfuSZefBCzpkktsmulb/59WEfK1Q4oVjdmCUG3/qwmLzAilzs6 | ||
YaD75V6lp1lCON2jWod5xYSPsuvo2T0Exj4Q5MZcLVwqzH4UnmJPqdRVxWhhJEDE | ||
qlsU+t0LCpDt4saVI5A91k5HMqFOJpX2hbLEx5OG3/gksED6FcZd1mwUVWEChjC0 | ||
L6UNqpQZi+bNAX0CxY9XeqEIMN/EhLDbmLEwUHgMC3G4hX813k23mSWHBRsa0Mik | ||
PCXX3tRioqPNF5ALl4gOmnF6ZD+WAQeJAjMEEAEIAB0WIQTjs1jchY+zB/SBcLnL | ||
Db68XzLIHQUCZPRnNAAKCRDLDb68XzLIHZSAD/oCk9Z0xJfbpriphTBxFy7bWyPK | ||
F1lM1GZZaLKkktGfunf1i0Q7rhwpNu+u1launlOTp6ZoY36Ce2Qa1eSxWAQdjVaj | ||
w9kOHXCAewrTREOMY/mb7RVGjajo0Egl8T9iD3JRyaxu2iVtbpZYuqehtGG28CaC | ||
zmtqE+EJcx1cGqAGSuuaDWRYlVX8KDip44GQB5Lut30vwSIoZG1CPCR6VE82u4cl | ||
3mYZUfcJkCHsiLzoeadVzb+fOd+2ybzBn8Y77ifGgM+dSFSHe03mFfcHPdp0QImF | ||
9HQR7XI0UMZmEJsw7c2vDrRa+kRY2A4/amGn4Tahuazq8g2yqgGm3yAj49qGNarA | ||
au849lDr7R49j73ESnNVBGJ9ShzU4Ls+S1A5gohZVu2s1fkE3mbAmoTfU4JCrpRy | ||
dOuL9xRJk5gbL44sKeuGODNshyTPJzG9DmRHpLsBn59v8mg5tqSfBIGqcqBxxnYH | ||
JnkK801MkaLW2m7wDmtz6P3TW86gGukzfIN3/OufLjnpN3Nx376JwWDDIyif7sn6 | ||
/q+ZMwGz9uLKZkAeM5c3Dh4ygpgliSLoV2bZzDz0iLxKWW7QOVVdWHmlEqbTldpQ | ||
7gUEPG7mxpzVo0xd6nHncSq0M91x29It4B3fATx/iJB2eardMzSsbzHiwTg0eswh | ||
YYGpSKZLgp4RShnVAbkCDQQ7st2BEAgAjpB0UGDf/FrWAUo9jLWKFX15J0arBZkY | ||
m+iRax8K8fLnXzS2P+9Q04sAmt2qCUxK9681Nd7xtPrkPrjbcACwuFyH3Cr9o2qs | ||
eiVNgAHPFGKCNxLX/9PKWfmdoZTOVVBcNV+sOTcx382uR04WPuv9jIwXT6JbCkXP | ||
aoCMv3mLnB9VnWRYatPYCaK8TXAPWxZP8lrcUMjQ1GRTQ1vP9rRMp7iaXyItW1le | ||
lNFvHEII92QddeBLK7V5ng2sX/BMm6/AafXZMnUQX3lpWQfEBTDT4qYsZ1zIEb4g | ||
q4dqauyNYgBcZdX//8oDE+BS2FxxDTccyOW0Wyt2Z6flDTfhgzd46wADBQf+MAqI | ||
gADwulmZk+e30Znj46VmnbZUB/J8M4WXg6X5xaOQsCCMAWybmCc4pxFIT/1c/GdC | ||
qSHDv5nKBi5QyBMMn33/kgzVRAveihL6gWsNoT31Lxst457XuyRx1dwD8rzdWoP2 | ||
b3etBGdu0P7vnOoqRmf1Y0XIoJeDk/o8U901hG2VAo5zAVH2YdEtSZqlBIAzxjak | ||
KAAtnsZWIpBxrz9NPVOBmT18kxlgZ7P4iU4/FMnGOfzT6/LCTj/B0hZKJCP7y7lH | ||
NP2yOabvvBsxU0ZGph1b8R6Zb1nP2+LQIi8kaBs8ypy7HDx7/mWe5DoyLe4NHQ/Z | ||
E0gCEWt1mlVIwTzFBohGBBgRAgAGBQI7st2BAAoJEJOTXgL/O1T6YsEAoLZx0XLt | ||
4tpAC/LNwTZUrodUiOckAKC4DTRvEtC4nj5EImssVk/xmU3ax5kCDQRjJI69ARAA | ||
wCCaKZZmZe8mmusRuoHrqeVImFo+JUTNiktszB/l97INgZCSpVGFOcc4l4Weoioy | ||
hObJV5wnpFjhadhpiRG1XYzNYi6vNKz8lsUkFxfkIFiXU2kRkwtQShiWf4LmobDQ | ||
sY9SXRK2cVEFQwOqK9E0k99ZKoaQ31aqq1zcAzkRlBrJmjgmRJHX3DltA7z676Ap | ||
YEJgAkDRBXFe3zViuxZ0/MMYqtwsbePvOMkXlPmQJ8havOjZRa0mEZtDekMt11vv | ||
1bG1qFebMFuwYVd7YZ1kzL8NU8gNOtuW0E67Ts5voZdlZiQAbDke9V9uj9+hfae6 | ||
vICrZ7eriPGVD6BetGNjUNFN+8fwHMycOvvHjZ/JlN8lCfw4ImK4F18ms51pqD74 | ||
3w0b2VvoQOkkCzEyUReTixh60aMIabx8so4BmFdi7cK9E+4/WU933d+dSEVgr9Hp | ||
ast2WoNTo7cPWgIcxSctWvq9AIULLDVytI2BVRbIRL5vZHNIlE839AVbef8SP5Vc | ||
V+8xjNRw3bzpxhnu4TqYTrvexvq7YOsMxVc9qqN2w8w+Q6jL/0Hjq2fUouV6JH/u | ||
6GY1vo9dCOXMROS/fD3qJfDIb/NZuYqnt2jQArJW2YVxL+4DE7yKvSNaHGY5kwEV | ||
BrQCCTb16ANWxUHkBBuSP2+hYKrVQPAisdsovHRgcF0AEQEAAbQlTmljayBDcmFp | ||
Zy1Xb29kIDxuaWNrQGNyYWlnLXdvb2QuY29tPokCTgQTAQgAOBYhBOOzWNyFj7MH | ||
9IFwucsNvrxfMsgdBQJjJI69AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ | ||
EMsNvrxfMsgdxW8QAIckFmxogPfLD6kqIoiZerqPRcz5rYBfxa7lgQkuoLaqWhCP | ||
QR+e5Ug3bqxexkYQrTyZwqzTTgntTTWt4hSg75mgAujMQh1bsYbxcSHiLSh3Q8bO | ||
AaX3o+ewycqKRvaVLYD7m/f8ZHgjRdwtEV3M9tVIOpa/KB51+3PM23Kx7pWP8RnT | ||
mLhbxDCQTYE4yiLFPBIoG8NH1raLXonvLHP+wFs2OJ18fkq3DHTKK48dTRs/QyNl | ||
/kgmuFUv/SyXDEoe9XdweNnN4N005R7bHW9iJEoV8KBFJi9/K89jokwrrRCUk1Pz | ||
p/QXSKYLX59uqufL4LQOCtEhmVJPTQKCd4eUhvCva70efRm1fwqV/PHJDXB2Y84Q | ||
oBPyxitFJGvBc1RsB3t1iO9IAuWnfFLYBayVGbpHseO5RdgJT/Q1hWeZTFi3vfXX | ||
snuDSl5FcjLhDVe5rrAa/oAGki2fA7YOeK7PB0uwK7O8s2ZErDHnV99zYMVy7hnY | ||
LhxDhic4mQ/1uJ/6mcEO+6NU4FM6EA0Bt28WTgRyOM2WnZ8xjBBmHtV4ucvmbQn1 | ||
CCZUCe6HG06l8/soaMKiCZFS0CKwed9ymhlHPp5nyD3CJw53EKdEDQAjSOxc9sI0 | ||
L5/P73ijRkOVz5xMtyxXXAnsyVa0yXo/rbzBGjKMcJeuAa1168a3ydu0gMMWiF0E | ||
EBEIAB0WIQT79zfs6firGGBL0qyTk14C/ztU+gUCZPRnIgAKCRCTk14C/ztU+nDL | ||
AJ99G+k/+uCkMnJuQazlb10HeiF4DwCgx+BNLTMkLduN9F+bqPsKq0oVsCa5Ag0E | ||
YySOvQEQALoUUvMMNBKr7xMUVSe/lvBQUhzdthcDARdCf5m/UQoBYdyfYEA7m0x1 | ||
5fKMl2duZdT9pYTSt60LeRXiC4bJaMCl60Nb2gwPF7ko32TFLpEyRHznVeEw+ExV | ||
OU82lOWwI6AOFwHO4hL+wgK5RXV9qgve3n30ccTvKRHpjmQSa2YD3S5pO20KRsJt | ||
iU8nm1+e7zXGEqWvR3L4QhJtN4Xtda+Gv95lH22Y+XnHri9MNMYbXrhTrOAig1ne | ||
5GF3goG/yps6QyoV2zdY+Zqojpi9sCtRdiwbETbp8izQNV53QBqORIILBuzZpmqJ | ||
gSNbbFsAdJkmPfLbjx57BieF2YUvsl0DtVc8KdN6UCrhQF2CNaGdWWpJyKF6AHkE | ||
iIt0npvlgAM8ZZ0y0WF5XqefvIEMx7DmpKZ822gvR2aTmDJzPhgFTVhelVHDJ6NS | ||
l5FUhA+DB1U7SwFULc2VFJdDa2zrnM0T+bz5cc8mi1zazzcBklzLNpRoT0Iex2LC | ||
+KPFmsBbObKGffvDwQkEJgBJ9FweRGLfiHOo1V4E+QwIZhoch/H5u9+2J3Hp0S/r | ||
H6Jn97AjYZMUVZBC4rICBaIevqaIuP/Qno2hRSkccF388lLBWRW/qa8vaRpk9Xgt | ||
8umvLmnumEKmmWxF6rHZu34ijgnaWfuunydfiu/v0kd6H5tO8h9NABEBAAGJAjYE | ||
GAEIACAWIQTjs1jchY+zB/SBcLnLDb68XzLIHQUCYySOvQIbDAAKCRDLDb68XzLI | ||
HcZpD/oCT20Tufzh3YvRqd7+nAziHzPoz15bkd0Y2B9wAQ4kkT4o6/vSSqpQeBAL | ||
UVh54cTaMkyFUTr53U5rK0QyEFrwa1j6wQvHSbOhaCAVacii9n8eyELI0755eCAN | ||
7w7mRsS05hTgKdQwn4TKnb9FvST+TMyyBcL8IPnHcmYbiX1repRlUZ5VvyWtQDO2 | ||
Z3BISWtOnMJjItQ9N8zj3KkeLVtWennroYpDEJo2qpb5Ga320Mijoh0Mm8r3uM7o | ||
rarpfnEsUGiko++elHVbgv7iTxyfxV+ny14ROAcY6VtF8a6MUflKYnAJytD9fwGt | ||
2+Of7CB72b3Zq47XLh7FXozqWL2zCVrU5u55NXKGaSRXmPec54RrtAF0BfGpkbHZ | ||
W4xOS2E4IzBNf3rhh7Nj+4MCGmx7RuRzHvlkltS38ktXQmUfch8pFhLKW8byxFhu | ||
Je3QS3vnKmA2dQzHKZDQj8uyHUUD0WQlBtaY2p7G4zFhuC+xNHDs8Xbo+NCgsmg7 | ||
8qSub42rXViT0kK9xeAKr3qKbumQqIfXHWQvamFHJeIpvrLEffhWKZc83PXpL9wY | ||
JP/Rm0jTtKJeqD8w7rnafOi9qKyE2FgpltdWzsUSPDjqMlCgCrggqtUzTgKYl1S/ | ||
6jXcPGkEadKE/t3kelkupnlwlyVLxF7NaIrb8fAqCau0MWIh4g== | ||
=Iv9u | ||
-----END PGP PUBLIC KEY BLOCK----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,158 @@ | ||
--- | ||
title: "Release Signing" | ||
description: "How the release is signed and how to check the signature." | ||
--- | ||
|
||
# Release signing | ||
|
||
The hashes of the binary artefacts of the rclone release are signed | ||
with a public PGP/GPG key. This can be verified manually as described | ||
below. | ||
|
||
The same mechanism is also used by [rclone selfupdate](/commands/rclone_selfupdate/) | ||
to verify that the release has not been tampered with before the new | ||
update is installed. This checks the SHA256 hash and the signature | ||
with a public key compiled into the rclone binary. | ||
|
||
## Release signing key | ||
|
||
You may obtain the release signing key from: | ||
|
||
- From [KEYS](/KEYS) on this website - this file contains all past signing keys also. | ||
- The git repository hosted on GitHub - https://github.com/rclone/rclone/blob/master/docs/content/KEYS | ||
- `gpg --keyserver hkps://keys.openpgp.org --search nick@craig-wood.com` | ||
- `gpg --keyserver hkps://keyserver.ubuntu.com --search nick@craig-wood.com` | ||
- https://www.craig-wood.com/nick/pub/pgp-key.txt | ||
|
||
After importing the key, verify that the fingerprint of one of the | ||
keys matches: `FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA` as this key is used for signing. | ||
|
||
We recommend that you cross-check the fingerprint shown above through | ||
the domains listed below. By cross-checking the integrity of the | ||
fingerprint across multiple domains you can be confident that you | ||
obtained the correct key. | ||
|
||
- The [source for this page on GitHub](https://github.com/rclone/rclone/blob/master/docs/content/release_signing.md). | ||
- Through DNS `dig key.rclone.org txt` | ||
|
||
If you find anything that doesn't not match, please contact the | ||
developers at once. | ||
|
||
## How to verify the release | ||
|
||
In the release directory you will see the release files and some files called `MD5SUMS`, `SHA1SUMS` and `SHA256SUMS`. | ||
|
||
``` | ||
$ rclone lsf --http-url https://downloads.rclone.org/v1.63.1 :http: | ||
MD5SUMS | ||
SHA1SUMS | ||
SHA256SUMS | ||
rclone-v1.63.1-freebsd-386.zip | ||
rclone-v1.63.1-freebsd-amd64.zip | ||
... | ||
rclone-v1.63.1-windows-arm64.zip | ||
rclone-v1.63.1.tar.gz | ||
version.txt | ||
``` | ||
|
||
The `MD5SUMS`, `SHA1SUMS` and `SHA256SUMS` contain hashes of the | ||
binary files in the release directory along with a signature. | ||
|
||
For example: | ||
|
||
``` | ||
$ rclone cat --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS | ||
-----BEGIN PGP SIGNED MESSAGE----- | ||
Hash: SHA1 | ||
f6d1b2d7477475ce681bdce8cb56f7870f174cb6b2a9ac5d7b3764296ea4a113 rclone-v1.63.1-freebsd-386.zip | ||
7266febec1f01a25d6575de51c44ddf749071a4950a6384e4164954dff7ac37e rclone-v1.63.1-freebsd-amd64.zip | ||
... | ||
66ca083757fb22198309b73879831ed2b42309892394bf193ff95c75dff69c73 rclone-v1.63.1-windows-amd64.zip | ||
bbb47c16882b6c5f2e8c1b04229378e28f68734c613321ef0ea2263760f74cd0 rclone-v1.63.1-windows-arm64.zip | ||
-----BEGIN PGP SIGNATURE----- | ||
iF0EARECAB0WIQT79zfs6firGGBL0qyTk14C/ztU+gUCZLVKJQAKCRCTk14C/ztU | ||
+pZuAJ0XJ+QWLP/3jCtkmgcgc4KAwd/rrwCcCRZQ7E+oye1FPY46HOVzCFU3L7g= | ||
=8qrL | ||
-----END PGP SIGNATURE----- | ||
``` | ||
|
||
### Download the files | ||
|
||
The first step is to download the binary and SUMs file and verify that | ||
the SUMs you have downloaded match. Here we download | ||
`rclone-v1.63.1-windows-amd64.zip` - choose the binary (or binaries) | ||
appropriate to your architecture. We've also chosen the `SHA256SUMS` | ||
as these are the most secure. You could verify the other types of hash | ||
also for extra security. `rclone selfupdate` verifies just the | ||
`SHA256SUMS`. | ||
|
||
``` | ||
$ mkdir /tmp/check | ||
$ cd /tmp/check | ||
$ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS . | ||
$ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:rclone-v1.63.1-windows-amd64.zip . | ||
``` | ||
|
||
### Verify the signatures | ||
|
||
First verify the signatures on the SHA256 file. | ||
|
||
Import the key. See above for ways to verify this key is correct. | ||
|
||
``` | ||
$ gpg --keyserver keyserver.ubuntu.com --receive-keys FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA | ||
gpg: key 93935E02FF3B54FA: public key "Nick Craig-Wood <nick@craig-wood.com>" imported | ||
gpg: Total number processed: 1 | ||
gpg: imported: 1 | ||
``` | ||
|
||
Then check the signature: | ||
|
||
``` | ||
$ gpg --verify SHA256SUMS | ||
gpg: Signature made Mon 17 Jul 2023 15:03:17 BST | ||
gpg: using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA | ||
gpg: Good signature from "Nick Craig-Wood <nick@craig-wood.com>" [ultimate] | ||
``` | ||
|
||
Verify the signature was good and is using the fingerprint shown above. | ||
|
||
Repeat for `MD5SUMS` and `SHA1SUMS` if desired. | ||
|
||
### Verify the hashes | ||
|
||
Now that we know the signatures on the hashes are OK we can verify the | ||
binaries match the hashes, completing the verification. | ||
|
||
``` | ||
$ sha256sum -c SHA256SUMS 2>&1 | grep OK | ||
rclone-v1.63.1-windows-amd64.zip: OK | ||
``` | ||
|
||
Or do the check with rclone | ||
|
||
``` | ||
$ rclone hashsum sha256 -C SHA256SUMS rclone-v1.63.1-windows-amd64.zip | ||
2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 0 | ||
2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 1 | ||
2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 49 | ||
2023/09/11 10:53:58 NOTICE: SHA256SUMS: 4 warning(s) suppressed... | ||
= rclone-v1.63.1-windows-amd64.zip | ||
2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 0 differences found | ||
2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 1 matching files | ||
``` | ||
|
||
### Verify signatures and hashes together | ||
|
||
You can verify the signatures and hashes in one command line like this: | ||
|
||
``` | ||
$ gpg --decrypt SHA256SUMS | sha256sum -c --ignore-missing | ||
gpg: Signature made Mon 17 Jul 2023 15:03:17 BST | ||
gpg: using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA | ||
gpg: Good signature from "Nick Craig-Wood <nick@craig-wood.com>" [ultimate] | ||
gpg: aka "Nick Craig-Wood <nick@memset.com>" [unknown] | ||
rclone-v1.63.1-windows-amd64.zip: OK | ||
``` |