Beigesoft™ digital signatures.
GPG key:
name: ADFD46A0
fingerprint: 0344 B8AC CF1A 098E 158E B661 16B5 B1CA ADFD 46A0
This key is used ONLY for signing Beigesoft files ONLY in central MAVEN repository.
You can find this public key on http://pgp.mit.edu/ (http://pgp.mit.edu/pks/lookup?op=get&search=0x16B5B1CAADFD46A0) or create a text file and copy this public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQENBFpu6d4BCADZEhE9HN60VqC/FGwnn/wCPxDJhGoT1ztwoImyhx8yPV3HOitj
q8/raEZNlDyh9WAnDKXnrazLS3t8GAkpN9z4XV1x/DXz+3n4NCtVSjjbvk/avFOC
Fb2Rn2PTa4sonSO6YETFt7IvMH5Scfu2twvMAhseKik9bzny3biQU/q8LkzaKAai
1UFBAY7VaXVWsTEbkjl7okkhSr4MiQJ+6XTHLjv8RRyweffDY638ZOqbaaIEc9cJ
nuIRD7OxLeXxuCFVDH25UaJ47ysBufMYrKFLhbHPzT/x85SE1CpQhwFBq/QK5VzH
OAHnYMQTlV8fEBcB24ICtMyZIzjxIhsGFH0nABEBAAG0ZVl1cnkgRGVtaWRlbmtv
IChLZXkgZm9yIHNpZ25pbmcgQmVpZ2Vzb2Z0d2FyZSBmaWxlcyBvbmx5IGluIE1h
dmVuIHJlcG9zaXRvcnkpIDxkZW1pZGVua28wNUBnbWFpbC5jb20+iQE+BBMBAgAo
BQJabuneAhsDBQkzf5gABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAWtbHK
rf1GoK90B/4sfC7P1al+KxIMPoo6aknfO3/VnXl+yLV6V0m/VlJTRWBLF3TpqY6g
xL/wB1lQSAUlMRaSPpLcGFSo6VCtJ/5wneWxN3uP2KIvFCrIJtLxvR+elQDNIjOq
3unAkLJyCWug8hXf1timGfa1GgBCgx1KJ/xpYXSEhKYF8wwRGeWqPzibAD+P/ys4
okfNNUSxrAUcbRh/T4OhxCTz+fRDosYOHIXIWOo/1GI0goB2XQgWZXOdPfhR5JCp
76Qyf6rQHNxUiSQq8J7iDb2Fk9cCp9E1Q9QgXwGWozBln0oN9ZGGV1tZw2jdl/Sg
e8OiylCjBNItu3XrERef4rFt9xBWRaGW
=2t+c
-----END PGP PUBLIC KEY BLOCK-----
To add this key into GnuPg use:
gpg --import [public-key-txt-file]
To check GPG signature you should install GnuPG and use command for any ASC file gpg --verify [file-name].asc, e.g.
$ gpg --verify beigesoft-accountingoio-ajetty-bin.zip.asc
You should check that fingerprint is match to this one.
Key to sign JAR/APK file:
Serial number: 4507171e
fingerprint MD5: 07:33:19:D0:39:78:C2:CE:42:56:9E:06:2F:76:2C:95
fingerprint SHA1: 21:78:63:F7:79:6F:E4:F1:68:34:CB:0C:44:D6:C9:9D:50:E6:BE:8F
fingerprint SHA256: 1F:9A:32:B7:4A:37:8F:C6:0E:E4:46:2A:72:0E:C0:DB:D2:A7:CB:3C:FB:02:B2:32:CB:7D:66:B1:2C:28:8D:C3
This key is used only for signing Beigesoft JAR/WAR/APK files ONLY in central MAVEN repository and Google Play Store.
Key to sign only Beige-UML JAR/APK:
Serial number: 2f9e4bac
fingerprint MD5: 4A:BD:94:42:16:30:30:33:CB:21:91:E7:35:30:40:C0
fingerprint SHA1: CE:46:A4:79:89:C2:66:34:E7:5D:CC:92:FC:F3:C0:90:4F:A1:81:63
fingerprint SHA256: 34:3C:B4:95:18:BA:3E:FF:F3:52:43:FA:61:D5:3B:2A:55:06:EF:C3:3A:A9:EC:EA:AE:89:E3:C0:60:F9:E7:5A
This key is used for signing only Beige-UML JAR/APK files only in central MAVEN repository and Google Play.
To check JAR/WAR/APK signature use command jarsigner -verify -verbose -certs [file-name].jar/apk, e.g.:
$ jarsigner -verify -verbose -certs beigesoft-accountingoio-ajetty-jar-with-dependencies.jar
To check key fingerprint you should unpack BEIGESOF.RSA that is inside JAR/WAR/APK META-INF folder (JAR, WAR and APK is actually ZIP archives) then run command:
$ keytool -printcert -file BEIGESOF.RSA
For MS Windows you should open power shell and run commands like this:
& "C:\Program Files (x86)\Java\jre[version#8]\bin\jarsigner.exe" -verify -verbose -certs beigesoft-accountingoio-ajetty-jar-with-dependencies.jar & "C:\Program Files (x86)\Java\jre[version#8]\bin\keytool.exe" -printcert -file BEIGESOF.RSA
For Unix-like OS (including MAC OS) you should use terminal to run these commands. If you did not set JAVA-HOME/bin in the PATH environment variable then you should type full Java path in the commands.