Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

$sha256sum |cdw-appimage|
|cdw-appimage-checksum|

Verify download with signature

To verify that the downloaded file is an official Concordium release, you can verify that the file is signed by Concordium. To do this, you need a signature of the release and a public key.

With the signature, the public key, and the downloaded file all in the same directory, execute the following steps to verify that the file has been signed by Concordium.

In a terminal:

  1. Navigate to the directory containing the assets needed to verify.

  2. Then paste the first line of the following block into the terminal

  3. The command outputs Signature Verified Successfully as a result, as inidicated by the second line in the block.

$openssl pkeyutl -verify -pubin -inkey concordium-desktop-wallet-pubkey.pem -rawin -in |cdw-appimage| -sigfile |cdw-appimage|.sig
Signature Verified Successfully

Note that this only works for openssl version 3.0.0 and up.

Was this article helpful?