You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ElongatedVeggie 555288cdec
Added Cryptomator
1 month ago
Notices updated pgp key, added prev keys and new dir 4 months ago
Verify Added Cryptomator 1 month ago
LICENSE Initial commit 7 months ago
README.md Added Cryptomator 1 month ago
pubkeys.md updated pgp key, added prev keys and new dir 4 months ago
pubkeys.md.minisig signed pubkeys file 4 months ago

README.md

AlwaysVerify

This repository is for taking snapshots of hashes, PGP key fingerprints and more or sometimes even help people find the keys that are hidden in obscure places. More sites to check out and create a web of trust:

https://artemislena.eu/services/verify.html

https://jonaharagon.com/verify/

https://navic.codeberg.page/verify/index.html

(feel free to add yours with an issue or a PR)


Available files:


Okay, but how do I verify?

This guide assumes you use Linux + you have gpg installed and will not go over how to verify the actual file (such as an iso of an OS or the apk of a file), but instead it will show you how to verify the key validity you got.

PGP Fingerprints:

gpg --fingerprint will show you all the fingerprints of the keys you have in your keyring. If you do not wish to import the key, you can simply type echo 'key-goes-here' | gpg and it will show you the details of a key, including the fingerprint

Sha256 fingerprint

https://developer.android.com/studio/command-line/apksigner#usage-verify

Sha256 hashes

sha256sum /path/to/filename and if you have a checksum file you can do sha256sum -c /path/to/checksum (the checksum and the actual file have to be in the same folder).

Please also keep in mind that hashes are better used for file integrity checking, rather than validity.

I will not be very consistent with updating hashes, because I don't want to encourage developers to not sign their releases and just release hashes and I just might miss it.


Please, do not trust this repository 100% as the whole point is to create a web of trust and distribute it. My announcements such as key changes will be in notices