don’t know if this is of any help to anyone except maybe past me, but i had a hard time finding the correct Public Key to verify the current Krita AppImage: So what finally worked was gpg --import this Public Key here https://files.kde.org/krita/dmitry_kazakov.gpg and gpg --verify krita-5.2.9-x86_64.AppImage.sig then gpg says Good signature (fingerprint: E9FB 29E7 4ADE ACC5 E303 5B8A B69E B4CF 7468 332F). Anyway (>’ v ')> here is a drawing i made using my laptops wonky touchpad.
KOOL
if you’re worried about the integrity of the sources you’re installing from why are you using app images? Use a repo, or flathub
*KOOL
korrected
Kongratulations
Ceep up the good work oops.
:grimace:
compile it yourself I guess
Why would you sign it?
Ah i meant i downloaded the signature from download.kde.org/stable/krita/5.2.9/, just wanted to make sure that the Krita AppImage i had was legitimate
Look at the properties of the file in dolphin. It will show you various file signatures.
sorry, i think my post might be a little misleading everything is fine with the AppImage and the Detached signature (downloaded from krita.org) always has been as far as i know, i only verified the AppImage for ‘fun’. The only hiccup i had was that the webpage was unclear on where to find the PGP Public key, that you use to verify the signature. of course doing this is not necessary since i downloaded the AppImage from the official webpage over a secure connection.
Where did you download krita from?
The official website?
Do they not provide an md5sum? I’ve never seen anyone check an app’s integrity issuing public keys
i couldn’t find the md5sum s for the current version, i saw they do provide some for older versions https://download.kde.org/Attic/krita/5.2.0/, but they do have GPG Signatures .sig files at https://download.kde.org/stable/krita/5.2.9/ for the current version
Awesome thanks, your right, can’t believe i missed that, i guess details do matter
