Skip to content

Authenticity

Jump to bottom
Florian Keller edited this page Apr 12, 2019 · 10 revisions

Introduction

You can check the authenticity of our Windows wrapper when you compare it's Certificate Fingerprint & File Checksum. These values are listed on our Download page.

Screenshot

Screenshot

Windows: Check File Checksum

  • certUtil -hashfile ./WireSetup.exe SHA256

Screenshot

Screenshot

Remove spaces from checksum: "ed a5 f6...".replace(/ /g, '');

Note

certUtil is part of Visual Studio's "ClickOnce Publishing Tools".

Windows: Check Certificate Fingerprint (Windows Fingerprint)

The fingerprint does not change unless we use a new certificate. It can be verified using the the certificate details on WireSetup.exe:

Screenshot

macOS & Linux: Verify checksums and signature

  1. Import our PGP signing key to be able to verify the downloaded files

     wget -q https://wire-app.wire.com/linux/releases.key -O- | gpg --import

  2. Verify the checksum file's signature via gpg

     gpg --verify sha256sum.txt.asc

  3. Verify the downloaded files via checksum file

    • macOS: shasum -a 256 -c sha256sum.txt.asc
    • Linux: sha256sum -c sha256sum.txt.asc
Clone this wiki locally