Where can I find checksums for the LSK wallet file and the Lisk public GPG key? I cannot trust the downloaded AppImage (I’m using Ubuntu) until I can verify it’s authenticity and integrity.
There should be made available a SHA256SUMS file with a checksum for the AppImage wallet file. There should also be a SHA256SUMS.sig file and a GPG key with published fingerprint to be able to trust the checksum file.
In the assets -> latest-linux.yml contains hashes I don’t know if this is what you are looking for?
Ah, thanks Moosty! It’s not in there, but I found the
sha256sums.txt file here.
Now I’m hoping to obtain the Lisk public PGP key and
- I can use the
sha256sums.txt to verify the integrity of the download, which tells me that it hasn’t been modified from the file that was pushed to the repository.
sha256sums.txt.sig file along with a published PGP public key or fingerprint tells me that the
sha256sums.txt file is authentic and that it came from Lisk and not someone else.
Both things are required for trust. I hope that helps to clarify?