don’t know if this is of any help to anyone except maybe past me, but i had a hard time finding the correct Public Key to verify the current Krita AppImage: So what finally worked was gpg --import this Public Key here https://files.kde.org/krita/dmitry_kazakov.gpg and gpg --verify krita-5.2.9-x86_64.AppImage.sig then gpg says Good signature (fingerprint: E9FB 29E7 4ADE ACC5 E303 5B8A B69E B4CF 7468 332F). Anyway (>’ v ')> here is a drawing i made using my laptops wonky touchpad.
KOOL
if you’re worried about the integrity of the sources you’re installing from why are you using app images? Use a repo, or flathub
*KOOL
korrected
Kongratulations
Ceep up the good work oops.
:grimace:
compile it yourself I guess
sorry, i think my post might be a little misleading everything is fine with the AppImage and the Detached signature (downloaded from krita.org) always has been as far as i know, i only verified the AppImage for ‘fun’. The only hiccup i had was that the webpage was unclear on where to find the PGP Public key, that you use to verify the signature. of course doing this is not necessary since i downloaded the AppImage from the official webpage over a secure connection.
Where did you download krita from?
The official website?
Why would you sign it?
Ah i meant i downloaded the signature from download.kde.org/stable/krita/5.2.9/, just wanted to make sure that the Krita AppImage i had was legitimate
Look at the properties of the file in dolphin. It will show you various file signatures.
Do they not provide an md5sum? I’ve never seen anyone check an app’s integrity issuing public keys
i couldn’t find the md5sum s for the current version, i saw they do provide some for older versions https://download.kde.org/Attic/krita/5.2.0/, but they do have GPG Signatures .sig files at https://download.kde.org/stable/krita/5.2.9/ for the current version
It’s under details.
Awesome thanks, your right, can’t believe i missed that, i guess details do matter
