Beigesoft™ digital signatures.

GPG key:

• name: ADFD46A0
• fingerprint: 0344 B8AC CF1A 098E 158E B661 16B5 B1CA ADFD 46A0

This key is used ONLY for signing Beigesoft files ONLY in central MAVEN repository.

You can find this public key on https://pgp.mit.edu/ (http://pgp.mit.edu/pks/lookup?op=get&search=0x16B5B1CAADFD46A0) or create a text file and copy this public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: pgp.mit.edu

mQENBFpu6d4BCADZEhE9HN60VqC/FGwnn/wCPxDJhGoT1ztwoImyhx8yPV3HOitjq8/raEZN
lDyh9WAnDKXnrazLS3t8GAkpN9z4XV1x/DXz+3n4NCtVSjjbvk/avFOCFb2Rn2PTa4sonSO6
YETFt7IvMH5Scfu2twvMAhseKik9bzny3biQU/q8LkzaKAai1UFBAY7VaXVWsTEbkjl7okkh
Sr4MiQJ+6XTHLjv8RRyweffDY638ZOqbaaIEc9cJnuIRD7OxLeXxuCFVDH25UaJ47ysBufMY
rKFLhbHPzT/x85SE1CpQhwFBq/QK5VzHOAHnYMQTlV8fEBcB24ICtMyZIzjxIhsGFH0nABEB
AAG0ZVl1cnkgRGVtaWRlbmtvIChLZXkgZm9yIHNpZ25pbmcgQmVpZ2Vzb2Z0d2FyZSBmaWxl
cyBvbmx5IGluIE1hdmVuIHJlcG9zaXRvcnkpIDxkZW1pZGVua28wNUBnbWFpbC5jb20+iQE+
BBMBAgAoBQJabuneAhsDBQkzf5gABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAWtbHK
rf1GoK90B/4sfC7P1al+KxIMPoo6aknfO3/VnXl+yLV6V0m/VlJTRWBLF3TpqY6gxL/wB1lQ
SAUlMRaSPpLcGFSo6VCtJ/5wneWxN3uP2KIvFCrIJtLxvR+elQDNIjOq3unAkLJyCWug8hXf
1timGfa1GgBCgx1KJ/xpYXSEhKYF8wwRGeWqPzibAD+P/ys4okfNNUSxrAUcbRh/T4OhxCTz
+fRDosYOHIXIWOo/1GI0goB2XQgWZXOdPfhR5JCp76Qyf6rQHNxUiSQq8J7iDb2Fk9cCp9E1
Q9QgXwGWozBln0oN9ZGGV1tZw2jdl/Sge8OiylCjBNItu3XrERef4rFt9xBWRaGW
=2t+c
-----END PGP PUBLIC KEY BLOCK-----

To add this key into GnuPg use:

gpg --import [public-key-txt-file]

To check GPG signature you should install GnuPG and use command for any ASC file gpg --verify [file-name].asc, e.g.

$ gpg --verify beigesoft-accountingoio-ajetty-bin.zip.asc   

You should check that fingerprint is match to this one.

Key to sign JAR/APK file:

• Serial number: 4507171e
• fingerprint MD5: 07:33:19:D0:39:78:C2:CE:42:56:9E:06:2F:76:2C:95
• fingerprint SHA1: 21:78:63:F7:79:6F:E4:F1:68:34:CB:0C:44:D6:C9:9D:50:E6:BE:8F
• fingerprint SHA256: 1F:9A:32:B7:4A:37:8F:C6:0E:E4:46:2A:72:0E:C0:DB:D2:A7:CB:3C:FB:02:B2:32:CB:7D:66:B1:2C:28:8D:C3

This key is used only for signing Beigesoft JAR/WAR/APK files ONLY in central MAVEN repository and Google Play Store.

Key to sign only Beige-UML JAR/APK:

• Serial number: 2f9e4bac
• fingerprint MD5: 4A:BD:94:42:16:30:30:33:CB:21:91:E7:35:30:40:C0
• fingerprint SHA1: CE:46:A4:79:89:C2:66:34:E7:5D:CC:92:FC:F3:C0:90:4F:A1:81:63
• fingerprint SHA256: 34:3C:B4:95:18:BA:3E:FF:F3:52:43:FA:61:D5:3B:2A:55:06:EF:C3:3A:A9:EC:EA:AE:89:E3:C0:60:F9:E7:5A

This key is used for signing only Beige-UML JAR/APK files only in central MAVEN repository and Google Play.

To check JAR/WAR/APK signature use command jarsigner -verify -verbose -certs [file-name].jar/apk, e.g.:

$ jarsigner -verify -verbose -certs beigesoft-accountingoio-ajetty-jar-with-dependencies.jar

To check key fingerprint you should unpack BEIGESOF.RSA that is inside JAR/WAR/APK META-INF folder (JAR, WAR and APK is actually ZIP archives) then run command:

$ keytool -printcert -file BEIGESOF.RSA

For MS Windows you should open power shell and run commands like this:

& "C:\Program Files (x86)\Java\jre[version#8]\bin\jarsigner.exe" -verify -verbose -certs beigesoft-accountingoio-ajetty-jar-with-dependencies.jar & "C:\Program Files (x86)\Java\jre[version#8]\bin\keytool.exe" -printcert -file BEIGESOF.RSA

For Unix-like OS (including MAC OS) you should use terminal to run these commands. If you did not set JAVA-HOME/bin in the PATH environment variable then you should type full Java path in the commands.