Changelog
This is the initial release of cpass
.
Verifying the signature
cpass
binaries are packaged with a PGP signature to verify the authenticity of the builds. gpg
is required to verify signatures like this. You can fetch and import the signing key by executing the following:
curl https://raw.githubusercontent.com/AlexSSD7/cpass/5d7c7b11097c50f68e5f0be50cbe436f5608a6b3/keys/AlexSSD7.key | gpg --import
Once you have imported the key, you can run the following to verify the signature of the file with SHA-256 hashes:
gpg --verify cpass_sha256_v0.1.0.txt.sig cpass_sha256_v0.1.0.txt
You should then see something like this:
gpg: Signature made Mon 09 Oct 2023 09:44:18 AM BST
gpg: using RSA key F7231DFD3333A27F71D171383B627C597D3727BD
gpg: Good signature from "AlexSSD7 <[email protected]>" [ultimate]
Please ensure that the key ID is F7231DFD3333A27F71D171383B627C597D3727BD
After the signature is verified successfully, you may now open the hashes file (cpass_sha256_v0.1.0.txt
) and compare the checksums. You can generate a checksum by executing the following command:
sha256sum <file path>