diff options
Diffstat (limited to 'posts/verify-with-signify.md')
| -rw-r--r-- | posts/verify-with-signify.md | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/posts/verify-with-signify.md b/posts/verify-with-signify.md index 37dbb34..039ac8c 100644 --- a/posts/verify-with-signify.md +++ b/posts/verify-with-signify.md @@ -13,9 +13,9 @@ _signature_. A portable version of the tool is available ### Obtaining the signature and checksum -If you decide to use `signify` to verify downloaded files, you need to obtain -the detached signature linked on the respective project page and the public -release key (see below). Otherwise, you only need to fetch the checksum. +Whether or not you decide to use `signify` to verify downloaded files, you need +to obtain the detached signature linked on the respective project page. It +contains the signature as well as the checksum. ### Obtaining the public key @@ -38,7 +38,7 @@ verifications. Once you have downloaded my public key, run the following to verify your download: - $ signify -C -p release.pub -x <snapshot>.SHA256.sig + $ signify -C -p release.pub -x <snapshot>.asc Signature Verified <snapshot>: OK @@ -47,5 +47,5 @@ download: Alternatively, if you don't want to install `signify`, you can use the `sha256sum` tool to only verify the integrity of the download: - $ sha256sum -c <snapshot>.SHA256 + $ tail -n1 <snapshot>.asc | sha256sum -c <snapshot>: OK |