Beigesoft™ digital signatures.
GPG key:
- name: ADFD46A0
- fingerprint: 0344 B8AC CF1A 098E 158E B661 16B5 B1CA ADFD 46A0
This key is used ONLY for signing Beigesoft files ONLY in central MAVEN repository.
You can find this public key on https://pgp.mit.edu/ (http://pgp.mit.edu/pks/lookup?op=get&search=0x16B5B1CAADFD46A0) or create a text file and copy this public key:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: SKS 1.1.6 Comment: Hostname: pgp.mit.edu mQENBFpu6d4BCADZEhE9HN60VqC/FGwnn/wCPxDJhGoT1ztwoImyhx8yPV3HOitjq8/raEZN lDyh9WAnDKXnrazLS3t8GAkpN9z4XV1x/DXz+3n4NCtVSjjbvk/avFOCFb2Rn2PTa4sonSO6 YETFt7IvMH5Scfu2twvMAhseKik9bzny3biQU/q8LkzaKAai1UFBAY7VaXVWsTEbkjl7okkh Sr4MiQJ+6XTHLjv8RRyweffDY638ZOqbaaIEc9cJnuIRD7OxLeXxuCFVDH25UaJ47ysBufMY rKFLhbHPzT/x85SE1CpQhwFBq/QK5VzHOAHnYMQTlV8fEBcB24ICtMyZIzjxIhsGFH0nABEB AAG0ZVl1cnkgRGVtaWRlbmtvIChLZXkgZm9yIHNpZ25pbmcgQmVpZ2Vzb2Z0d2FyZSBmaWxl cyBvbmx5IGluIE1hdmVuIHJlcG9zaXRvcnkpIDxkZW1pZGVua28wNUBnbWFpbC5jb20+iQE+ BBMBAgAoBQJabuneAhsDBQkzf5gABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAWtbHK rf1GoK90B/4sfC7P1al+KxIMPoo6aknfO3/VnXl+yLV6V0m/VlJTRWBLF3TpqY6gxL/wB1lQ SAUlMRaSPpLcGFSo6VCtJ/5wneWxN3uP2KIvFCrIJtLxvR+elQDNIjOq3unAkLJyCWug8hXf 1timGfa1GgBCgx1KJ/xpYXSEhKYF8wwRGeWqPzibAD+P/ys4okfNNUSxrAUcbRh/T4OhxCTz +fRDosYOHIXIWOo/1GI0goB2XQgWZXOdPfhR5JCp76Qyf6rQHNxUiSQq8J7iDb2Fk9cCp9E1 Q9QgXwGWozBln0oN9ZGGV1tZw2jdl/Sge8OiylCjBNItu3XrERef4rFt9xBWRaGW =2t+c -----END PGP PUBLIC KEY BLOCK-----
To add this key into GnuPg use:
gpg --import [public-key-txt-file]
To check GPG signature you should install GnuPG and use command for any ASC file gpg --verify [file-name].asc, e.g.
$ gpg --verify beigesoft-accountingoio-ajetty-bin.zip.asc
You should check that fingerprint is match to this one.
Key to sign JAR/APK file:
- Serial number: 4507171e
- fingerprint MD5: 07:33:19:D0:39:78:C2:CE:42:56:9E:06:2F:76:2C:95
- fingerprint SHA1: 21:78:63:F7:79:6F:E4:F1:68:34:CB:0C:44:D6:C9:9D:50:E6:BE:8F
- fingerprint SHA256: 1F:9A:32:B7:4A:37:8F:C6:0E:E4:46:2A:72:0E:C0:DB:D2:A7:CB:3C:FB:02:B2:32:CB:7D:66:B1:2C:28:8D:C3
This key is used only for signing Beigesoft JAR/WAR/APK files ONLY in central MAVEN repository and Google Play Store.
Key to sign only Beige-UML JAR/APK:
- Serial number: 2f9e4bac
- fingerprint MD5: 4A:BD:94:42:16:30:30:33:CB:21:91:E7:35:30:40:C0
- fingerprint SHA1: CE:46:A4:79:89:C2:66:34:E7:5D:CC:92:FC:F3:C0:90:4F:A1:81:63
- fingerprint SHA256: 34:3C:B4:95:18:BA:3E:FF:F3:52:43:FA:61:D5:3B:2A:55:06:EF:C3:3A:A9:EC:EA:AE:89:E3:C0:60:F9:E7:5A
This key is used for signing only Beige-UML JAR/APK files only in central MAVEN repository and Google Play.
To check JAR/WAR/APK signature use command jarsigner -verify -verbose -certs [file-name].jar/apk, e.g.:
$ jarsigner -verify -verbose -certs beigesoft-accountingoio-ajetty-jar-with-dependencies.jar
To check key fingerprint you should unpack BEIGESOF.RSA that is inside JAR/WAR/APK META-INF folder (JAR, WAR and APK is actually ZIP archives) then run command:
$ keytool -printcert -file BEIGESOF.RSA
For MS Windows you should open power shell and run commands like this:
& "C:\Program Files (x86)\Java\jre[version#8]\bin\jarsigner.exe" -verify -verbose -certs beigesoft-accountingoio-ajetty-jar-with-dependencies.jar & "C:\Program Files (x86)\Java\jre[version#8]\bin\keytool.exe" -printcert -file BEIGESOF.RSA
For Unix-like OS (including MAC OS) you should use terminal to run these commands. If you did not set JAVA-HOME/bin in the PATH environment variable then you should type full Java path in the commands.