Verify my downloaded apk

I was following this guide, but

https://gitlab.com/fdroid/wiki/-/wikis/FAQ#how-can-i-verify-the-downloaded-f-droidapk

I failed at the “trust the key” part. Can anyone help me?
And I was curious about the line where I need to pull the GPG key from Ubuntu:

gpg --keyserver keyserver.ubuntu.com --recv-key 37D2C98789D8311948394E3E41E7044E1DBA2E89

How do we get that receive key hash value? Can anyone help me?

I am a newbie in gpg, so I am expected to be asking silly questions.

Yes, it is the same, but I can’t do that part where it said to trust
$> gpg --edit-key 0x41E7044E1DBA2E89
gpg> trust
3 # I trust marginally
gpg> lsign
gpg> save

37D2C98789D8311948394E3E41E7044E1DBA2E89
What is this? How do I get that?
I don’t know much about gpg. Can anyone help?

If you read the FAQ about verifying downloads it says

Some details on this can be found in our documentation at Release Channels and Signing Keys.

Follow that link; the section that lists the signing keys for the F-Droid repo names that as the fingerprint:

official binary releases: https://f-droid.org/packages/org.fdroid.fdroid

  • GPG signing key: “F-Droid <admin@f-droid.org>”
  • Primary key fingerprint: 37D2 C987 89D8 3119 4839 4E3E 41E7 044E 1DBA 2E89

so that is which public key the instructions are telling you to get.

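Added example, not part of the thread or of F-Droid's own instructions: a script that pins the fingerprint published in the documentation quoted above and checks that the key which made the signature has exactly that primary fingerprint, using gpg's machine-readable `--status-fd` output. It assumes the key was already imported with the `--recv-key` command from the question; the function names and the sample status line are constructed for illustration.

```shell
#!/bin/sh
# Fingerprint as published in the F-Droid documentation quoted above.
PINNED_FPR="37D2 C987 89D8 3119 4839 4E3E 41E7 044E 1DBA 2E89"

# Constructed sample status line (not captured gpg output); the first
# fingerprint is a made-up signing subkey, the last is the primary key.
SAMPLE_STATUS='[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704067200 0 4 0 1 10 00 37D2C98789D8311948394E3E41E7044E1DBA2E89'

# Remove whitespace and upper-case, so spaced and unspaced spellings compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read gpg status output on stdin; print the primary-key fingerprint of the
# first VALIDSIG record (field 12). Prints nothing without a valid signature.
signer_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $12; exit }'
}

# Succeed only if the status output on stdin has a valid signature whose
# primary key is the pinned one. Fails closed on BADSIG, ERRSIG or no output.
status_matches_pin() {
    signer=$(signer_from_status)
    [ -n "$signer" ] &&
        [ "$(normalize_fpr "$signer")" = "$(normalize_fpr "$PINNED_FPR")" ]
}

# Usage: verify_apk SIGNATURE.asc FILE.apk (key must already be in the keyring)
verify_apk() {
    # gpg's exit code is ignored on purpose; the status records decide.
    status=$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null) || true
    printf '%s\n' "$status" | status_matches_pin
}

if [ "$#" -eq 2 ]; then
    if verify_apk "$1" "$2"; then
        echo "OK: valid signature from $(normalize_fpr "$PINNED_FPR")"
    else
        echo "FAIL: no valid signature from the pinned key" >&2
        exit 1
    fi
else
    # No files given: run the check on the constructed sample line.
    printf '%s\n' "$SAMPLE_STATUS" | status_matches_pin && echo "sample line matches pin"
fi
```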

It is hard