BitBoxApp: Verify release

Table of contents

  1. Get benma’s public key
  2. Download the BitBoxApp and .asc file
  3. Place BitBoxApp and .asc file in separate folder
  4. Verify signatures

In order to verify the downloaded BitBoxApp please do the following:

Get benma’s public key

Info: Benma is the lead developer of the BitBoxApp.

Run in your command line:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the BitBoxApp and .asc file

Download both from Github

Do not install the BitBoxApp yet.

If you have already downloaded the BitBoxApp from our website then just download the .asc file that corresponds to your operating system.

Place BitBoxApp and .asc file in separate folder

Create a new folder and move both, the uninstalled/unzipped BitBoxApp file and the .asc file into that folder.

Verify signatures

On your command line navigate into the newly created folder and run the following command:

gpg --verify BitBox-4.13.1-macOS.zip.asc

(Depending on when you do this update the command to use the corresponding .asc file you just dowloaded).

You should then see the following:

gpg --verify BitBox-4.13.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.13.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)