Versions Compared

Old Version 7

changes.mady.by.user Stonebranch

Saved on

compared with

New Version 8

changes.mady.by.user Stonebranch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

For Universal Controller 7.6 and Universal Agent 7.6 and forward, the installation packages are PGP-signed for security and authentication.

Verifying the files with digital signatures helps mitigate the risk of downloading and installing malicious or compromised software.

You can download the public key here to verify packages.

This page will show you how the signature interaction works and how you can verify the files once you download them.

Verifying PGP Signatures

Info

The example provided uses The GNU Privacy Guard. Any OpenPGP compliant program should work successfully.

Each package has a corresponding .asc file (detached signature). For example, the release universal-controller-7.6.0.0-build.140.zip would have a corresponding file, universal-controller-7.6.0.0-build.140.zip.asc.

These instructions assume you have already installed downloaded both of these files. 

The example commands provided are for the verification of Universal Controller packages, but the instructions are the same for Universal Agent.

...

Download the GPG public key from https://packages.stonebranch.com/uac/GPG-KEY-UAC.asc

2. Import and

...

Certify the Public Key

...

Verify that the fingerprint of the public key is B666 8901 95B2 A3E6 F8A2 1FC8 77D5 3847 2C46 C119.

...

Note

If you omit this step, then you will see the following warning when verifying the archive installation package signature.

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.


3. Verify the

...

 Installation Package Signature

Verify the installation packages.

...