apksigner verify --print-certs --verbose <name>.apk
Check checksums: sha256sum --check <name>.asc
, change sha256sum
to corresponding tool is checksums algorithm is not SHA256.
With file app-release.apk
and sha256sum.txt.asc
from this release.
The output of checksum check command is
app-release.apk: OK
sha256sum: WARNING: 14 lines are improperly formatted
- Download public key:
curl -sO <public-key-url>
- Import public key:
gpg --import <public-key-file>
- Verify the signature:
gpg --verify <name>.asc
Reference: https://syncthing.net/security/