OneKey

This tutorial aims to help you verify the integrity and authenticity (whether it was signed and released by the OneKey team) of the OneKey App installation package you downloaded using the GPG signature verification tool.

(1) Check the Consistency of the Installation File

First, download the client installation package you wish to verify and the corresponding ASC verification file from <a href="https://github.com/OneKeyHQ/app-monorepo/releases" rel="nofollow noopener noreferrer" target="_blank">the official OneKey GitHub repository</a>. (The example below uses version 5.9.0)

- First, download the client installation package you wish to verify and the corresponding ASC verification file from <a href="https://github.com/OneKeyHQ/app-monorepo/releases" rel="nofollow noopener noreferrer" target="_blank">the official OneKey GitHub repository</a>. (The example below uses version 5.9.0)


Navigate to the directory where the files were downloaded, and execute the command:

shasum -a 256 --check OneKey-Wallet-5.9.0-mac-arm64.dmg.SHA256SUMS.asc

- Navigate to the directory where the files were downloaded, and execute the command:
  shasum -a 256 --check OneKey-Wallet-5.9.0-mac-arm64.dmg.SHA256SUMS.asc

As shown in the image above, the verification result indicates that the checksum matches the file's contents.

The ASC file verification is generated by the OneKey official and requires the use of the GPG tool.

- The ASC file verification is generated by the OneKey official and requires the use of the GPG tool.

If you have not installed GNU Privacy Guard (GPG) on your system previously, you can visit <a href="https://www.gnupg.org/download/index.en.html#binary" rel="nofollow noopener noreferrer" target="_blank">this link</a> to download the suitable version for your system.

- If you have not installed GNU Privacy Guard (GPG) on your system previously, you can visit <a href="https://www.gnupg.org/download/index.en.html#binary" rel="nofollow noopener noreferrer" target="_blank">this link</a> to download the suitable version for your system.

<a href="https://keys.openpgp.org/vks/v1/by-fingerprint/EB68AE544F1FDD8CD264624FB369A67A90BF387B" rel="nofollow noopener noreferrer" target="_blank">Click the link</a> to download the ONEKEY official signing public key to your local device, then double-click the file to import the signature.

- <a href="https://keys.openpgp.org/vks/v1/by-fingerprint/EB68AE544F1FDD8CD264624FB369A67A90BF387B" rel="nofollow noopener noreferrer" target="_blank">Click the link</a> to download the ONEKEY official signing public key to your local device, then double-click the file to import the signature.

In the same directory, execute the following command:

- In the same directory, execute the following command:

gpg --verify OneKey-Wallet-5.9.0-mac-arm64.dmg.SHA256SUMS.asc

As shown in the image above, the ASC file was indeed issued and published by <a href="mailto:dev@onekey.so" rel="nofollow noopener noreferrer" target="_blank">dev@onekey.so</a>.

___________________________________________________________

First, download the Windows installation package and the corresponding version's GPG verification file from <a href="https://github.com/OneKeyHQ/app-monorepo/releases" rel="nofollow noopener noreferrer" target="_blank">the official OneKey GitHub repository</a> (using version 5.9.0 as an example).

- First, download the Windows installation package and the corresponding version's GPG verification file from <a href="https://github.com/OneKeyHQ/app-monorepo/releases" rel="nofollow noopener noreferrer" target="_blank">the official OneKey GitHub repository</a> (using version 5.9.0 as an example).

Open the command line in the directory where the files were downloaded, and execute the command. Here, &lt;file_path&gt; is the address where the installation package is stored after downloading. Check the hash value of the installation file.

- Open the command line in the directory where the files were downloaded, and execute the command. Here, &lt;file_path&gt; is the address where the installation package is stored after downloading. Check the hash value of the installation file.

certutil -hashfile &lt;file_path&gt; SHA256

Use Notepad to open the previously downloaded ASC verification file and compare the hash value in the file with the one displayed above to see if they match.

- Use Notepad to open the previously downloaded ASC verification file and compare the hash value in the file with the one displayed above to see if they match.

Verify if the SHA256SUMS.asc file was generated by the OneKey official team. This step requires the use of the GPG tool. If you have not installed it previously, you can visit this link to download and install the suitable version for your system. It is recommended to choose the GnuPG installation package marked in the image.

- Verify if the SHA256SUMS.asc file was generated by the OneKey official team. This step requires the use of the GPG tool. If you have not installed it previously, you can visit this link to download and install the suitable version for your system. It is recommended to choose the GnuPG installation package marked in the image.

<a href="https://keys.openpgp.org/vks/v1/by-fingerprint/EB68AE544F1FDD8CD264624FB369A67A90BF387B" rel="nofollow noopener noreferrer" target="_blank">Click the link </a>to download the ONEKEY official signing public key to your local device, and import the signing public key in the GPG tool.

- <a href="https://keys.openpgp.org/vks/v1/by-fingerprint/EB68AE544F1FDD8CD264624FB369A67A90BF387B" rel="nofollow noopener noreferrer" target="_blank">Click the link </a>to download the ONEKEY official signing public key to your local device, and import the signing public key in the GPG tool.

After confirming that the import was successful, use the command:

- After confirming that the import was successful, use the command:

to verify if the downloaded ASC file was generated by OneKey official. When you see the success verification message at the bottom, it indicates that the verification has been successful.

Verify OneKey App Packages with GPG Signatures

Website

Shop

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Verify OneKey App Packages with GPG Signatures

macOS Client

(1) Check the Consistency of the Installation File

(2) Verify the ASC File

Windows Client

(1) Check the Consistency of the Installation File

(2) Verify the ASC File