To ensure integrity and authenticity of our software each folder contains some special files:
md5sums) and SHA256 (
sha256sums), to verify that the file you downloaded is the same that we produced.
*sumsfiles were signed using GPG. The files *sums.asc contain the signatures, thus you can make sure, that the
*sumsfiles weren't modified/compromised. To verify the signature you need the public key
8D2DD9BDof Martin Scharm. If you don't already have it you can drop us an email or trust another web server and download the key.
md5sum FILE openssl md5 < FILE gpg --print-md MD5 FILE
8D2DD9BDin your keyring. If that's the case simply run:
gpg --verify md5sums.asc md5sumsYou should get an result that contains
Good signatureat some place. authorship