Integrity Verification
You can verify the integrity and authenticity of a DyScan release, which assures you that you are using the original, unmodified files that we released. Steps are described below.
Alternatively if you are using Homebrew on Mac OS, you can run this command:
brew install gnupg
You will need our public key to verify the signature. Here is the key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF51HRMBEADVH55lXUSymiBeKj0LUrjSige3Jpfsu2gKcGOYzRtYNIpjXGu5
OKSJN3ViCTOhX5V5hmhXKKE7g8kYqhd6OX16XRi7yoWlzBNaFMDsStFlhmEQ2xbq
kgSuLpI4448/JFJqE7N7Az1KasIpjYse4Fth7QQTqhvJEnDOFaw7FiEXX1kbZZc9
rbYSM9X5cJmextSJCLDOaCQuAfZ00/VJWnQnozB8msncw3+7mqzow+bzL0+hwEdz
Y3LAF9YIbiKNoTci3MoDF2yZZ9w1GHxkHQF3fJjBmcNXv1n8tQ7Hcwp1kocWVygi
CbmARgWdz9w6WUeA2chVneR3XD8zgxdTzK+PPs6aSM1vNy8UsRgFfKw7Z6qHnqHR
/6Hk6Os6P4xdHNDpgHQ7XHsP/+czDla5xKbmPLtXcaYoRLcVh+F91V/14AF9zY3c
AotuXtNjuWRjvV3HzRD9pBH2ajLAzu4eIotknBcJldChJuYXrHc57NGFErS7s5WJ
S5nCeS3NAKzmUH3817/rkS39SJP6Ga8f/uVnSOkgiX6ks+UuInRk1IkninosCs67
0wKHG5zIeYEkR/MpR+ZxuMj6DtEDRpg2ZhuHUte2NNAH1aMDYih6Fcm0HFi6eXjm
CGdaYJSeTV3F04Tip+yK79dbSEinYn+7OIZmRr/2Xs7qcSxq/CQlYNdFWQARAQAB
tCtEeW5ldGkgVGVjaG5vbG9naWVzLCBJbmMuIDx0ZWFtQGR5bmV0aS5jb20+iQJU
BBMBCAA+FiEEllFpnm0KZfoinm6FpcmbG/OY5aYFAl51HRMCGwMFCQeGH4AFCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQpcmbG/OY5ab79g//fcLOJxP13Il86zvr
qewCcoYBNPJ1dhIGqNE78wekQ6MCDOpS32azipt61MA8J8y2JKpANFDPnJTNIqWx
bcoNw0SZC+fGMGnjuWjaKHpBVrb3yXgnWQzh33sV9r0HE2ZmsnQlca93IhovD3vp
mvlqOS/zaCkHewSRGBwkPgc8vbAW7l12cqVdT5rHejp4o6bVFqSZImpODjAgko2W
Ew9XAHjzFOqJ9JX5LCJfkLU44BekXkjCu9B4rb6QyCSR28Rv//TGS0miompfAa/M
JSIBJrcv5brAj+8vdbBwVud6/59LRnyhylkrNBxc7oHWoj3UkbSyuLo9Y/FLATh9
pleP3tq0aKMP1v/SM1Wfy9AXw5lfXvPFaDjG3JNpant3ymsH6o0zMKQYXzWIue9o
vn+f+ZHNEiZSkQglToAeGzYkR57emVsVnXnMzNJEOCF7QURiAoyv4eULzKrYDqiW
ANphub106Ywm7g3Md5jPmamBM45eMMxTFZaO6M0cW6hrXqPrPRWcK6ASixqfVLgv
e9gM+lX97pD3rulS8txvenxBrHryJJX0sunQtMIeOrd7pV99UKKKQ3zAw2c18RQv
KeKeJIqQlq7UaVWZY0HGcoPLmASkV9TdZHjz4LysF/JyByV/JCyjD6moYy5X6Pdw
M0ncv3LAMiumQ6bJUlxt5dt/11G5Ag0EXnUdEwEQALJbmSWEl/K2Nodbt91zVRX6
L654oUtH2iQqp0/3getfQBpDFwJgeoROxPP7VerdZ571T9kPFvl9hwiR1LvLaGbW
8Q2mbOg4mK+DSuk3U1iZi2dI5/3Azi1rAHlpLJq5MR/CBlodKLqsHdDe+XDXSWmV
/+o4Fs0DPz5HD+bhWEQfY2Ge5WXN1rZg/sAh4br+io3WerxtG8vwYvdpWy4ev6yr
NsntpGSqsPu5kCToURyahAeSgM3w5Eg0IbaN+zda4+PSbqIJajB/3JlPLfnN6Xa7
dyC5ekxxEIYZgBjl61cWj0fV6CskJgPxVeY1LLEfzVbv8cZWxSWRihO/dgN9M5Zh
iKJ6SBmEH7KjMw5g4hTP3kP+UPRtzR52eAxNuiocAlbOA307bfivM8kbkRBHq039
pEcxVycdamE+m5+9+EXGFkezlk1qOeroWSnUy1aFbIJwqQ35WVyee25SubDHdZ8J
YAYl/9ZecYmIIoTolsQBXJyPVgUmTKUz8KcSgXlksOqZeLm+Kja1kE+mek8JI91s
f/kmG8Hv/ybTckR5MHeAmcjwIWqZl9I168VmQ2DqSg8OfiQe743ZKksEH4rSoqxn
WgKV/FMkf7hdqypCtPYKxwQA30UgchamJ9HhDlBEeVYtFqVji/LCWHjiQOZb4HFZ
hy1V8rDkIPXxWFS1uigLABEBAAGJAjwEGAEIACYWIQSWUWmebQpl+iKeboWlyZsb
85jlpgUCXnUdEwIbDAUJB4YfgAAKCRClyZsb85jlpveBD/9LTh3yv4fQwjL0DXD8
qhlegmQUwqC6cKXmdS2SBH+qgeG+GcO6e5noHMZuyczrYFWNxoD9znpCfg7v0pMV
OEn04EG0HOrxR7CDgaXmVECTiLKqzh4DQ75KBLiJsVSIj+oanm701KJ8LtfgBRoq
vjvqpPH7+WzsH74sz8CZJUKGLcncUABtscd0AU7H+2o24U4gLnZzcH34kjMVCqdG
KWZ0Otv6WCwIXbpY1lASliwtkT4nr1uHvQxcKEedz5U8TpsbCLqDPLgXHFHuLtD5
+nQia+OZuHnYhC70LTsNJBxOp0uGS2916TfYSaENMVFvnr/S5VBIQXy4D5KuqhiD
k3j0l4JqU0hB4J2jA5IrksWEHaCBpMWYs0I9nnAq4FLRNXd8V4NhBkgfPiYuba/u
gXnCkB1GK++EWB6UFf6hTDfqMYfuV2OGfw4U/s5V55/shmZaiknzOrKxA2yrSpuk
GYXnIHOg/ivOHClWgNZAzZHjAK0X6kAhJcHZUa1Q4aDn2pKHGBXX+FPJtpY9O4tN
uhz1igxcd+P1u1LkpB0ABPqg9OyPpxhwuPYfyDKn/a6SN088vli5M8F15Mm+hleo
O9FeJiuT39kWFisdeRctetUxZCAT6XKRmzQ8ZX+cAY5Mk0aRvZAX+BVTU02NS6fF
/pPjUftYrBTseg6i4M+nFfzO6w==
=fl+n
-----END PGP PUBLIC KEY BLOCK-----
Save it to a file (ex. dyneti.gpg) and run this command to import the key:
gpg --import dyneti.gpg
After getting the access token for Dyneti's repo access, go to any temporary directory outside your project directory and clone our repository with the following terminal commands:
For Android
git clone https://[email protected]/Dyneti/dyscan-android-distribution
git checkout RELEASE_VERSION
For iOS
git clone https://[email protected]/Dyneti/dyscan-ios-distribution.git
git checkout RELEASE_VERSION
When asked for a password for user "dyscan", paste the access token that we provided.
Checksums and signatures are available in the same directory as your chosen release version.
Go to your dyscan.aar file location and ensure the checksum and signature files are there.
Run this command to generate checksum for your local copy of dyscan.aar and compare with our checksum:
shasum -a 256 dyscan.aar > dyscan-local.aar.sha256
diff dyscan.aar.sha256 dyscan-local.aar.sha256
If the command doesn't produce any output, it means that the checksums are the same.
If you've imported our public key, you can verify the signature of the checksum using this command:
gpg --verify dyscan.aar.sig dyscan.aar.sha256
The command will output the signature date, RSA key, creator info and verification result: good or bad signature.
gpg: Signature made Fri Mar 20 21:11:08 2020 CET
gpg: using RSA key 9651699E6D0A65FA229E6E85A5C99B1BF398E5A6
gpg: Good signature from "Dyneti Technologies, Inc. <[email protected]>" [ultimate]
Go to your DyScan.xcframework location and ensure the checksum and signature files are there.
Run this command to generate checksum for your local copy of DyScan.xcframework and compare with our checksum:
find DyScan.xcframework -type f -exec shasum -a 256 {} \; > DyScan-local.xcframework.sha256
diff DyScan.xcframework.sha256 DyScan-local.xcframework.sha256
If the command doesn't produce any output, it means that the checksums are the same.
If you've imported our public key, you can verify the signature of the checksum using this command:
gpg --verify DyScan.xcframework.sig DyScan.xcframework.sha256
The command will output the signature date, RSA key, creator info and verification result: good or bad signature.
gpg: Signature made Fri Mar 20 21:11:08 2020 CET
gpg: using RSA key 9651699E6D0A65FA229E6E85A5C99B1BF398E5A6
gpg: Good signature from "Dyneti Technologies, Inc. <[email protected]>" [ultimate]