Release notes
- Fix a conversion rates updater bug
Verifying the release
Get benma's public key:
curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
Download the app for your platform and the corresponding .asc
file and place them in the same folder.
We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.
To verify the signature, execute:
gpg --verify BitBox-4.28.2-macOS.zip.asc
You should see the following output:
gpg --verify BitBox-4.28.2-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.28.2-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg: using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg: aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]
(The [ultimate]
could say [unknown]
or something else depending on your trust level.)