From 0a7ffbcc8f1589f41be75dff59b524b734b3a769 Mon Sep 17 00:00:00 2001 From: J-Jamet Date: Fri, 6 Sep 2024 10:31:41 +0200 Subject: [PATCH] fix: Make the apk verification even clearer #1831 --- README.md | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 97fc4c9e8..586a1b3b0 100644 --- a/README.md +++ b/README.md @@ -60,21 +60,24 @@ Optional visual styles are accessible after a contribution (and a congratulatory [Version [differences](https://github.com/Kunzisoft/KeePassDX/wiki/FAQ#why-a-libre-and-free-version)] ## Verify the authenticity of the downloaded app from GitHub -1- Download the latest app from [GitHub releases](https://github.com/Kunzisoft/KeePassDX/releases/latest).
-2- Open the directory where you saved the downloaded file in the Terminal on Linux/MacOS.
-3- You must have `keytool` command installed.
-4- Depending on the flavor you downloaded, run: +- Download the latest app from [GitHub releases](https://github.com/Kunzisoft/KeePassDX/releases/latest).
+- Open the directory where you saved the downloaded file in the Terminal. +- Make sure that you have `keytool` installed by running: ``` -keytool -printcert -jarfile KeePassDX-*-libre.apk | grep '7D:55:B8:AF:21:03:81:AA:BF:96:0F:07:E1:7C:F7:85:7B:6D:2A:64:2C:A2:DA:6B:F0:BD:F1:B2:00:36:2F:04' -``` -Or: -``` -keytool -printcert -jarfile KeePassDX-*-free.apk | grep '7D:55:B8:AF:21:03:81:AA:BF:96:0F:07:E1:7C:F7:85:7B:6D:2A:64:2C:A2:DA:6B:F0:BD:F1:B2:00:36:2F:04' -``` -You should get this output: -``` -SHA256: 7D:55:B8:AF:21:03:81:AA:BF:96:0F:07:E1:7C:F7:85:7B:6D:2A:64:2C:A2:DA:6B:F0:BD:F1:B2:00:36:2F:04 +keytool -version ``` +- Depending on the flavor you downloaded, run: + + - For the `libre` flavor: + ```shell + (keytool -printcert -jarfile KeePassDX-*-libre.apk | grep -q '7D:55:B8:AF:21:03:81:AA:BF:96:0F:07:E1:7C:F7:85:7B:6D:2A:64:2C:A2:DA:6B:F0:BD:F1:B2:00:36:2F:04' && echo && echo && echo "The app is safe to be installed.") || (echo && echo && echo "The app is not safe to be installed.") + ``` + + - For the `free` flavor: + ```shell + (keytool -printcert -jarfile KeePassDX-*-free.apk | grep -q '7D:55:B8:AF:21:03:81:AA:BF:96:0F:07:E1:7C:F7:85:7B:6D:2A:64:2C:A2:DA:6B:F0:BD:F1:B2:00:36:2F:04' && echo && echo && echo "The app is safe to be installed.") || (echo && echo && echo "The app is not safe to be installed.") + ``` +You should get an output that tells you if the app is safe to be installed or not. ## Frequently Asked Questions Other questions? You can read the [FAQ](https://github.com/Kunzisoft/KeePassDX/wiki/FAQ)