GPG
Hosted Fermah GPG signing key for verification of our executed scripts.
Import Key
Download the key file and run this command:
gpg --import fermah-gpg.asc
This will import our key and will be useful for any future verifications.
Verify
Our Install Script has a .asc
signature file alongside them. e.g. file install.sh
will have install.sh.asc
available.
gpg --verify install.sh.asc install.sh
Example for Install script
Here's an example for downloading both the signature and the script:
wget https://storage.googleapis.com/fermah-releases/install.sh.asc
wget https://storage.googleapis.com/fermah-releases/install.sh
gpg --verify install.sh.asc install.sh
If verification fails, you should not run the script file and contact us immediately.
The verification signature should display the email from one of our engineers.
Last updated
Was this helpful?