How to verify PGP signature of downloaded software


PGP (Pretty Good Privacy) is an encryption software that is mostly known for its use in email. It is used for encrypting, decrypting, and signing emails and files. Today we’ll focus on two of its most valuable features: verification and signing.

Why check PGP signatures?

Signing and verifying the signatures is important for data integrity. Verifying PGP signatures allows us to verify that the file or message came from a trusted source, since it has been signed with the author’s private key. The private key is something that only the author alone should have access to.  In order to verify it’s authentic, we would only need the signer’s public key.

How to use PGP to verify signature

In this article we’re going to verify the PGP fingerprint from Cryptomator. We’ll need three things: 

  1. .asc file, or PGP signature 
  2. The author’s verified public key
  3. software that we downloaded

First we will download software from Once we downloaded software, we will import PGP public key:

gpg --import cryptomator.asc

You can verify fingerprint of imported public PGP key:

gpg --list-keys

You should see the fingerprint of key:


Now we need to download PGP signature (digital signed software):

gpg --verify pgp-signature.asc cryptomator.appimage

If signature is ok, it should return:

Good signature from "Cryptobot"

Alternative solution: verify the sha256 checksum of a file

SHA256 checksum verification helps verify integrity of files you download. It helps identify if the downloaded file has been corrupted.

Open command prompt with administrator privileges. Navigate to the directory in which the downloaded file exists. Based on the OS you are using, execute the command mentioned.


sha256sum cryptomator.appimage



CertUtil -hashfile C:\file SHA256


Get-FileHash C:\file -Algorithm SHA256


shasum -a 256 /file

Alvosec is Block Producer for XPR Network

Download wallet and earn daily staking rewards.

Ready for Action?

Don’t hesitate to contact us if you need more information.
Let's Go!
BTC: bc1qnn4zfqqtexl4fkjk2vz6tk74sn92x326wwn0ph

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram