How to verify and install Cryptocat?

I don’t know how to verify my downloaded files. The provided verification instructions probably leave out some very basic steps which I don’t know. And how would I proceed with the installation after the downloaded files are verified?

  • Copy the public key into a text file, such as crypkey.pub
  • run gpg --import crypkey.pub
  • verify the key ID is the same as the last two blocs of the "fingerprint" they give on the website
  • Download the archive: wget -c https://download.crypto.cat/client/Cryptocat-linux-x64.zip
  • Unzip the application file and the signature file from the archive: unzip Cryptocat-linux-x64.zip
  • Verify the file and signature using the (now stored) public key: gpg --verify Cryptocat.zip.asc Cryptocat.zip
ouroumov@Box:~/Desktop$ pluma crypkey.pub
ouroumov@Box:~/Desktop$ gpg --import crypkey.pub 
gpg: /home/ouroumov/.gnupg/trustdb.gpg: trustdb created
gpg: key 8453F85F: public key "Nadim Kobeissi <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
ouroumov@Box:~/Desktop$ wget -c https://download.crypto.cat/client/Cryptocat-linux-x64.zip
--2016-08-03 17:00:59--  https://download.crypto.cat/client/Cryptocat-linux-x64.zip
Resolving download.crypto.cat (download.crypto.cat)... 167.114.234.163
Connecting to download.crypto.cat (download.crypto.cat)|167.114.234.163|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 43006788 (41M) [application/zip]
Saving to: ‘Cryptocat-linux-x64.zip’
Cryptocat-linux-x64 100%[===================>]  41,01M  1,23MB/s    in 34s     
2016-08-03 17:01:33 (1,21 MB/s) - ‘Cryptocat-linux-x64.zip’ saved [43006788/43006788]
ouroumov@Box:~/Desktop$ unzip Cryptocat-linux-x64.zip 
Archive:  Cryptocat-linux-x64.zip
 extracting: Cryptocat.zip           
  inflating: Cryptocat.zip.asc       
ouroumov@Box:~/Desktop$ gpg --verify Cryptocat.zip.asc Cryptocat.zip
gpg: Signature made mar. 02 août 2016 13:47:33 CEST using RSA key ID 8453F85F
gpg: Good signature from "Nadim Kobeissi <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 94B8 4193 A00C FA50 F4DC  7475 8457 F623 8453 F85F
ouroumov@Box:~/Desktop$
1 Like

Thanks so much, the verification process worked brilliantly! From the screenshots on the website it looks like it has a GUI but I have not been able to get it to run. How do I get Cryptocat.zip.asc installed? Is it normal in a GNU/Linux-based environment that unzipped files still have the .zip ending included in the file extension (.zip.asc)?

No the .asc is just the signature of the Cryptocat.zip file, which is just a normal archive.
Basically there was a .zip file in a .zip file.
So to get at the application, you now need to unzip Cryptocat.zip
Cheers

1 Like