- Get benma’s public key
- Download the BitBoxApp and .asc file
- Place BitBoxApp and .asc file in separate folder
- Verify signatures
In order to verify the downloaded BitBoxApp please do the following:
Info: Benma is the lead developer of the BitBoxApp.
Run in your command line:
curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
Download both from Github
Do not install the BitBoxApp yet.
If you have already downloaded the BitBoxApp from our website then just download the .asc file that corresponds to your operating system.
Create a new folder and move both, the uninstalled/unzipped BitBoxApp file and the .asc file into that folder.
On your command line navigate into the newly created folder and run the following command:
gpg --verify BitBox-4.13.1-macOS.zip.asc
(Depending on when you do this update the command to use the corresponding .asc file you just dowloaded).
gpg --verify BitBox-4.13.1-macOS.zip.asc gpg: assuming signed data in 'BitBox-4.13.1-macOS.zip' gpg: Signature made <DATE AND TIME> gpg: using RSA key 2D8876810AB092E451DCA894804538928C37EAE8 gpg: Good signature from "Marko Bencun <email@example.com>" [ultimate] gpg: aka "Marko Bencun <firstname.lastname@example.org>" [ultimate]
(The [ultimate] could say [unknown] or something else depending on your trust level.)