Initial release (v0.1.0)

Changelog

This is the initial release of cpass.

Verifying the signature

cpass binaries are packaged with a PGP signature to verify the authenticity of the builds. gpg is required to verify signatures like this. You can fetch and import the signing key by executing the following:

curl https://raw.githubusercontent.com/AlexSSD7/cpass/5d7c7b11097c50f68e5f0be50cbe436f5608a6b3/keys/AlexSSD7.key | gpg --import

Once you have imported the key, you can run the following to verify the signature of the file with SHA-256 hashes:

gpg --verify cpass_sha256_v0.1.0.txt.sig cpass_sha256_v0.1.0.txt

You should then see something like this:

gpg: Signature made Mon 09 Oct 2023 09:44:18 AM BST
gpg:                using RSA key F7231DFD3333A27F71D171383B627C597D3727BD
gpg: Good signature from "AlexSSD7 <alexandersadovskyi7@protonmail.com>" [ultimate]

Please ensure that the key ID is F7231DFD3333A27F71D171383B627C597D3727BD

After the signature is verified successfully, you may now open the hashes file (cpass_sha256_v0.1.0.txt) and compare the checksums. You can generate a checksum by executing the following command:

sha256sum <file path>