DyScan
  • DyScan Integration Guide
  • iOS Integration Guide
  • Android Integration Guide
  • React Native Integration Guide
  • Cordova Integration Guide
  • Integrity Verification
  • Migrating from card.io
    • Migrating from card.io (iOS)
    • Migrating from card.io (Android)
  • Integrating with Stripe
    • Integrating with Stripe (iOS)
    • Integrating with Stripe (Android)
  • Alternate Ways to Integrate iOS
    • Integrating with Swift Package Manager
    • Integrating with Carthage
    • Integrating as a Framework
  • Alternate Ways To Integrate Android
    • Manually Importing the Library
    • Using DyScanView
  • MIGRATING FROM 1.0.X TO 1.1.X
    • Migrating from 1.0.x to 1.1.x (iOS)
    • Migrating from 1.0.x to 1.1.x (Android)
    • Migrating from 1.0.x to 1.1.x (React Native)
Powered by GitBook
On this page
  • Install GnuPG
  • Get our public key
  • Checksums and signatures
  • Verify Android
  • Verify iOS

Was this helpful?

Integrity Verification

PreviousCordova Integration GuideNextMigrating from card.io (iOS)

Last updated 1 year ago

Was this helpful?

You can verify the integrity and authenticity of a DyScan release, which assures you that you are using the original, unmodified files that we released. Steps are described below.

Install GnuPG

Download is available under "binary releases" section here:

Alternatively if you are using Homebrew on Mac OS, you can run this command:

brew install gnupg

Get our public key

You will need our public key to verify the signature. Here is the key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF51HRMBEADVH55lXUSymiBeKj0LUrjSige3Jpfsu2gKcGOYzRtYNIpjXGu5
OKSJN3ViCTOhX5V5hmhXKKE7g8kYqhd6OX16XRi7yoWlzBNaFMDsStFlhmEQ2xbq
kgSuLpI4448/JFJqE7N7Az1KasIpjYse4Fth7QQTqhvJEnDOFaw7FiEXX1kbZZc9
rbYSM9X5cJmextSJCLDOaCQuAfZ00/VJWnQnozB8msncw3+7mqzow+bzL0+hwEdz
Y3LAF9YIbiKNoTci3MoDF2yZZ9w1GHxkHQF3fJjBmcNXv1n8tQ7Hcwp1kocWVygi
CbmARgWdz9w6WUeA2chVneR3XD8zgxdTzK+PPs6aSM1vNy8UsRgFfKw7Z6qHnqHR
/6Hk6Os6P4xdHNDpgHQ7XHsP/+czDla5xKbmPLtXcaYoRLcVh+F91V/14AF9zY3c
AotuXtNjuWRjvV3HzRD9pBH2ajLAzu4eIotknBcJldChJuYXrHc57NGFErS7s5WJ
S5nCeS3NAKzmUH3817/rkS39SJP6Ga8f/uVnSOkgiX6ks+UuInRk1IkninosCs67
0wKHG5zIeYEkR/MpR+ZxuMj6DtEDRpg2ZhuHUte2NNAH1aMDYih6Fcm0HFi6eXjm
CGdaYJSeTV3F04Tip+yK79dbSEinYn+7OIZmRr/2Xs7qcSxq/CQlYNdFWQARAQAB
tCtEeW5ldGkgVGVjaG5vbG9naWVzLCBJbmMuIDx0ZWFtQGR5bmV0aS5jb20+iQJU
BBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEllFpnm0KZfoinm6F
pcmbG/OY5aYFAmX9vC4FCRDuoJsACgkQpcmbG/OY5aaBRA//dKLFL7DrEOyiGh36
ymgvc+Zz9N9XSNcK35qd6hdyGaI4jtwWUyTKvLXoZKYj5YW2DhweMy9ckZYumkMz
dwIAmJm0q6vJmeEc0Z2gPkA6Z70NZoCGjRYfD+TeM4v3061hIttJsdGRET/YoJ6t
oKJ0nZc+xYYf2DM2wn0RLw3R0lSfQG29t2lmcOx7zEATl/VSQyJZmfZUF4K1HG4a
7EdSl/0+9XYfsXBDqX8LtI3dwI35Ng+RTUliu+KSQxPvFKDwU4NbW29DDHkcfMV6
QNW78ARZ6G2Ihwe6ibQsVlT9OoIy73YU0ilnKcAMl2tXJmFG6BTpQLIB3lWLlzIL
G04LxqCbsZ7RdNTYaHd0rFcxUoHY2cHOr/UUofx4KxSwbwokRQk3lgWTqX75jljK
Sh+4/puh9HY8U/CZ1DlRK1mtLVYKjujDX4jdlNHlW2y9WBRy0WwePfek/1Tiugp6
aV1HJDa2FSvB8mUnrgbGsfsrhsT5t9A4e0WcrFCyZEdNyoNNjyV9LCGmHI0QhdwW
1ReExqn4YhUzbVQCInGTJiAlDOixuULiqn8dnoi3b42xOS4eCAmsZ32xuVaBxPEd
26TXTEaxW6QjI94xPoR7SDFqLF7hWmt7csmU+31LXKRrHKoxPCvi0vG2lHb1WDLA
sw+7107LAsEpgRcZTWr/vzBtEdO5Ag0EXnUdEwEQALJbmSWEl/K2Nodbt91zVRX6
L654oUtH2iQqp0/3getfQBpDFwJgeoROxPP7VerdZ571T9kPFvl9hwiR1LvLaGbW
8Q2mbOg4mK+DSuk3U1iZi2dI5/3Azi1rAHlpLJq5MR/CBlodKLqsHdDe+XDXSWmV
/+o4Fs0DPz5HD+bhWEQfY2Ge5WXN1rZg/sAh4br+io3WerxtG8vwYvdpWy4ev6yr
NsntpGSqsPu5kCToURyahAeSgM3w5Eg0IbaN+zda4+PSbqIJajB/3JlPLfnN6Xa7
dyC5ekxxEIYZgBjl61cWj0fV6CskJgPxVeY1LLEfzVbv8cZWxSWRihO/dgN9M5Zh
iKJ6SBmEH7KjMw5g4hTP3kP+UPRtzR52eAxNuiocAlbOA307bfivM8kbkRBHq039
pEcxVycdamE+m5+9+EXGFkezlk1qOeroWSnUy1aFbIJwqQ35WVyee25SubDHdZ8J
YAYl/9ZecYmIIoTolsQBXJyPVgUmTKUz8KcSgXlksOqZeLm+Kja1kE+mek8JI91s
f/kmG8Hv/ybTckR5MHeAmcjwIWqZl9I168VmQ2DqSg8OfiQe743ZKksEH4rSoqxn
WgKV/FMkf7hdqypCtPYKxwQA30UgchamJ9HhDlBEeVYtFqVji/LCWHjiQOZb4HFZ
hy1V8rDkIPXxWFS1uigLABEBAAGJAjwEGAEIACYCGwwWIQSWUWmebQpl+iKeboWl
yZsb85jlpgUCZf28owUJEO6hEAAKCRClyZsb85jlpjYBEADPBl/A8WaAVCDXW99z
FPkka/aELJvgxSy9h5M+mgT5J5gRnA5e24W0tDyycJCMohFtBK3aL2fxPNxx9sxD
FeeCpKSPaHa8n8BCz8RBJOlz8C7mBXYRP3nTDXkw+45MjCE1iLd1ITdKcdQQUlnu
uTdmGNZmYKkIo49OgJTm0Qy2ROqDTq8zklq6d3GbFOzwcbBmutc31T0lnVKbOaHS
QQ8+kgo6uW23c8dx7KMOitCWS4Ub3xwRbTf/SdGhsOR7D8bVIvdVh94deaf5EFfW
/8rhkKLxWIoC6d8XmnF//3oIrZaB+FhwR3HgIDF4TmLBi6XlA1ML8OklOv1CIjg0
Drxp/VcuJ1/gONARn58rzwnDt0kyA7gZ6zdWfnaW5nnBW73DRfFhHIEziW01/+JE
VFtyheRdBl2HMulv+xEvWlC1WAMhyRhGpsf5nrSj3TeyNBfPgXq62ovnNXCifEZF
qHtKvh2ROUy47n4/Q5C+mkNrHu1Gsu3AzmO0VKsUUe9VZyyvU39/kRJlkxp1Ym/0
3Catly+o1/6RnEb4qSwwwBlMrJrIHRGBEqzyns3uP6KUDXqydi2gRvV2yY9yi4Sy
/KbjU1wWpBEB1LA02+Z8KbOIKlfd4hVxsU3iyGCJQ6NjSdeONIaW4WS9govEQsKT
OccMCIx+VVSeGpRo3yAGK1tldA==
=VDYD
-----END PGP PUBLIC KEY BLOCK-----

The public key has been updated on March 22, 2024.

Save it to a file (ex. dyneti.gpg) and run this command to import the key:

gpg --import dyneti.gpg

Checksums and signatures

After getting the access token for Dyneti's repo access, go to any temporary directory outside your project directory and clone our repository with the following terminal commands:

For Android

git clone https://dyscan@github.com/Dyneti/dyscan-android-distribution
git checkout RELEASE_VERSION

For iOS

git clone https://dyscan@github.com/Dyneti/dyscan-ios-distribution.git
git checkout RELEASE_VERSION

When asked for a password for user "dyscan", paste the access token that we provided. Checksums and signatures are available in the same directory as your chosen release version.

Verify Android

Go to your dyscan.aar file location and ensure the checksum and signature files are there.

Run this command to generate checksum for your local copy of dyscan.aar and compare with our checksum:

$ shasum -c dyscan.aar.sig

The command produces an output with OK, it means that the checksums are matching.

dyscan.aar: OK

If you've imported our public key, you can verify the signature of the checksum using this command:

gpg --verify dyscan.aar.sig dyscan.aar.sha256

The command will output the signature date, RSA key, creator info and verification result: good or bad signature.

gpg: Signature made Fri Mar 20 21:11:08 2020 CET
gpg:                using RSA key 9651699E6D0A65FA229E6E85A5C99B1BF398E5A6
gpg: Good signature from "Dyneti Technologies, Inc. <team@dyneti.com>" [ultimate]

Verify iOS

Go to your DyScan.xcframework location and ensure the checksum and signature files are there.

Run this command to generate checksum for your local copy of DyScan.xcframework and compare with our checksum:

shasum -c DyScan-local.xcframework.sha256 | grep -v "OK$"

If the command doesn't produce any output, it means that the checksums match your local files.

If you've imported our public key, you can verify the signature of the checksum using this command:

gpg --verify DyScan.xcframework.sig DyScan.xcframework.sha256

The command will output the signature date, RSA key, creator info and verification result: good or bad signature.

gpg: Signature made Fri Mar 20 21:11:08 2020 CET
gpg:                using RSA key 9651699E6D0A65FA229E6E85A5C99B1BF398E5A6
gpg: Good signature from "Dyneti Technologies, Inc. <team@dyneti.com>" [ultimate]
https://gnupg.org/download/