I don’t know how to verify my downloaded files. The provided verification instructions probably leave out some very basic steps which I don’t know. And how would I proceed with the installation after the downloaded files are verified?
- Copy the public key into a text file, such as crypkey.pub
- run
gpg --import crypkey.pub
- verify the key ID is the same as the last two blocs of the "fingerprint" they give on the website
- Download the archive:
wget -c https://download.crypto.cat/client/Cryptocat-linux-x64.zip
- Unzip the application file and the signature file from the archive:
unzip Cryptocat-linux-x64.zip
- Verify the file and signature using the (now stored) public key:
gpg --verify Cryptocat.zip.asc Cryptocat.zip
ouroumov@Box:~/Desktop$ pluma crypkey.pub ouroumov@Box:~/Desktop$ gpg --import crypkey.pub gpg: /home/ouroumov/.gnupg/trustdb.gpg: trustdb created gpg: key 8453F85F: public key "Nadim Kobeissi <[email protected]>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) ouroumov@Box:~/Desktop$ wget -c https://download.crypto.cat/client/Cryptocat-linux-x64.zip --2016-08-03 17:00:59-- https://download.crypto.cat/client/Cryptocat-linux-x64.zip Resolving download.crypto.cat (download.crypto.cat)... 167.114.234.163 Connecting to download.crypto.cat (download.crypto.cat)|167.114.234.163|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 43006788 (41M) [application/zip] Saving to: ‘Cryptocat-linux-x64.zip’
Cryptocat-linux-x64 100%[===================>] 41,01M 1,23MB/s in 34s
2016-08-03 17:01:33 (1,21 MB/s) - ‘Cryptocat-linux-x64.zip’ saved [43006788/43006788]
ouroumov@Box:~/Desktop$ unzip Cryptocat-linux-x64.zip Archive: Cryptocat-linux-x64.zip extracting: Cryptocat.zip inflating: Cryptocat.zip.asc ouroumov@Box:~/Desktop$ gpg --verify Cryptocat.zip.asc Cryptocat.zip gpg: Signature made mar. 02 août 2016 13:47:33 CEST using RSA key ID 8453F85F gpg: Good signature from "Nadim Kobeissi <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 94B8 4193 A00C FA50 F4DC 7475 8457 F623 8453 F85F ouroumov@Box:~/Desktop$
1 Like
Thanks so much, the verification process worked brilliantly! From the screenshots on the website it looks like it has a GUI but I have not been able to get it to run. How do I get Cryptocat.zip.asc installed? Is it normal in a GNU/Linux-based environment that unzipped files still have the .zip ending included in the file extension (.zip.asc)?
No the .asc is just the signature of the Cryptocat.zip file, which is just a normal archive.
Basically there was a .zip file in a .zip file.
So to get at the application, you now need to unzip Cryptocat.zip
Cheers
1 Like