Overview
For Universal Controller 7.6 and Universal Agent 7.6 and forward, the installation packages are PGP-signed for security and authentication.
Verifying the files with digital signatures helps mitigate the risk of downloading and installing malicious or compromised software.
This page will show you how the signature interaction works and how you can verify the files once you download them.
Verifying PGP Signatures
| Info |
|---|
The example provided uses The GNU Privacy Guard. Any OpenPGP compliant program should work successfully. |
Each package has a corresponding .asc file (detached signature). For example, the release universal-controller-7.6.0.0-build.140.zip has a corresponding file, universal-controller-7.6.0.0-build.140.zip.asc.
These instructions assume you have already downloaded both of these files.
...
Verify that the fingerprint of the public key is B666 8901 95B2 A3E6 F8A2 1FC8 77D5 3847 2C46 C119.
| Code Block | ||
|---|---|---|
| ||
>gpg --import --import-options show-only GPG-KEY-UAC.asc
pub rsa4096 2024-02-27 [C] [expires: 2027-02-26]
B666890195B2A3E6F8A21FC877D538472C46C119
uid Stonebranch, Inc. <support@stonebranch.com>
sub rsa4096 2024-02-27 [S] [expires: 2027-02-26]
sub rsa4096 2024-02-27 [S] [expires: 2027-02-26] |
...
| Code Block | ||
|---|---|---|
| ||
>gpg --verify universal-controller-7.6.0.0-build.140.zip.asc universal-controller-7.6.0.0-build.140.zip gpg: Signature made 04/02/24 15:45:21 Eastern Daylight Time gpg: using RSA key 7870D479A577FCF6518A62CD2F768A37A6E81362 gpg: Good signature from "Stonebranch, Inc. <support@stonebranch.com>" [full] |
...