Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[question] How to validate the downloaded software authenticity? #609

Closed
epoberezkin opened this issue Apr 12, 2024 · 4 comments
Closed

[question] How to validate the downloaded software authenticity? #609

epoberezkin opened this issue Apr 12, 2024 · 4 comments

Comments

@epoberezkin
Copy link

epoberezkin commented Apr 12, 2024
edited
Loading

E.g., by validating downloaded software hash and/or signature.
@emlun
Copy link
Member

emlun commented Apr 15, 2024

Hi! Signatures are included in the release channels listed in the README and at developers.yubico.com. Release signing keys are also listed on developers.yubico.com.

@epoberezkin
Copy link
Author

Thank you, to be more precise, I was looking to validate signature for appimage that is available via the website, and it's not available in the release page.

@emlun
Copy link
Member

emlun commented Apr 15, 2024

In that case I assume you mean the YubiKey Manager GUI, not the CLI (which is what's hosted in this repository). Those releases and their signatures are listed here. However, for most use cases I would recommend using Yubico Authenticator instead, which now has almost all the capabilities of the YubiKey Manager GUI.

@epoberezkin
Copy link
Author

thank you!

@emlun emlun closed this as completed Apr 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@emlun @epoberezkin