Release notes
- Disable Safello
- BitBox02 detection / routing bugfix for Android
- Reduce BitBox01 min. recovery password length
Verifying the release
Get benma's public key:
curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --importDownload the app for your platform and the corresponding .asc file and place them in the same folder.
We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.
To verify the signature, execute:
gpg --verify BitBox-4.17.1-macOS.zip.ascYou should something similar to the following output (the info might be arranged differently depending on your platform and gpg tool):
gpg --verify BitBox-4.17.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.17.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg: using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg: aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]
(The [ultimate] could say [unknown] or something else depending on your trust level.)
Some tools also display the sort subkey ID 8C37EAE8, which are the last couple of characters of the signing subkey 2D8876810AB092E451DCA894804538928C37EAE8.