Verify OneKey App Packages with GPG Signatures

This tutorial guides users on how to verify the integrity and authenticity of OneKey App client installation packages on macOS and Windows using checksum and GPG signature verification. The supported installation package platforms for verification are as follows:

Desktop Client Mobile App

macOS Silicon

macOS Intel

Windows

Linux

Android APK

Verify with your Operating System

macOS Windows
  • First, download the OneKey App client installation package you wish to verify to your local machine. 
  • Based on the version number of the client installation package you downloaded, find the corresponding GPG information verification file in the GitHub Release and click the file name to download it (the image below shows the location of the GPG file for v3.3.0).

 
gpg-verify-download-tool.png
  • Navigate to the directory where the files were downloaded and execute the command:

shasum -a 256 --check SHA256SUMS.asc
mac3.png
  • Locate the downloaded installation package (in this case, we downloaded version v3.3.0-mac-arm64) and verify that its checksum matches the contents of the file.
  • The SHA256SUMS file contains checksums for all versions of the installation packages, so you might see warnings for files that are not present. These warnings do not affect the verification result. Just ensure that the checksum for the downloaded package is OK.
  • The SHA256SUMS.asc file is generated by OneKey and needs to be verified using GPG tools. If you haven't installed GNU Privacy Guard (GPG) on your system, you can download it from here. https://www.gnupg.org/download/index.en.html#binary

  • After installing GPG, execute the command to import the public key:

gpg --keyserver keys.openpgp.org --recv-keys EB68AE544F1FDD8CD264624FB369A67A90BF387B
  • Once the key is imported, run the following command in the same directory to verify the signature of the SHA256SUMS.asc file:

  • This will confirm that the SHA256SUMS file was indeed signed by dev@onekey.so.

gpg --verify SHA256SUMS.asc

 

Was this article helpful?
3 out of 8 found this helpful