GPG

Hosted Fermah GPG signing key for verification of our executed scripts.

Import Key

Download the key file and run this command:


gpg --import fermah-gpg.asc

This will import our key and will be useful for any future verifications.

Verify

Our Install Script has a .asc signature file alongside them. e.g. file install.sh will have install.sh.asc available.


gpg --verify install.sh.asc install.sh

Example for Install script

Here’s an example for downloading both the signature and the script:


wget https://storage.googleapis.com/fermah-releases/install.sh.asc
wget https://storage.googleapis.com/fermah-releases/install.sh
gpg --verify install.sh.asc install.sh

If verification fails, you should not run the script file and contact us immediately.

A successful verification will display an engineer’s email address.