Linux and FreeBSD Package File Verification

Some users, especially enterprise customers, like to verify package files when installing AES Crypt or other third-party packages. This page provides instructions for how to do that for individual download files, RPM package files, and Debian files.

The key Terrapane uses to sign package files is available in both ASCII and binary forms from these URLs:

  • https://www.terrapane.com/terrapane.asc (ASCII)
  • https://www.terrapane.com/terrapane.gpg (binary)
The ASCII armored version is also shown below just for your convenience.

Terrapane Signing Key

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZnioyRYJKwYBBAHaRw8BAQdARBag3n5ehV9WizHVuzS+vbAikwVQfseWlVhz
x/YBkNO0KVRlcnJhcGFuZSBTdXBwb3J0IDxzdXBwb3J0QHRlcnJhcGFuZS5jb20+
iJMEExYKADsWIQTCZNwPHBOkuxjKrxvnvpgrzVDd9AUCZnioyQIbAwULCQgHAgIi
AgYVCgkICwIEFgIDAQIeBwIXgAAKCRDnvpgrzVDd9DiGAP9lfUbSiFYx/yj3X246
/i0uUP0taN5dxx3wKRbrI05adwEApiEr/hktNmFy2laYGNwzK++UhSaQ7FrrHENx
zQoBNQO4OARmeKjJEgorBgEEAZdVAQUBAQdAjawPXr/wvH7oBykiDV5/tYVW+aTX
lLZB91r0dOQnuykDAQgHiHgEGBYKACAWIQTCZNwPHBOkuxjKrxvnvpgrzVDd9AUC
ZnioyQIbDAAKCRDnvpgrzVDd9NfgAP9GlHIUYeFpbCa2hphhRtMf4LJhaMvX5tTG
mgR/DTn4KQEA7e9z4g5RqfBZiVcPkBAZK1Y8wteMO16EgNUWvFPBMQM=
=nJuJ
-----END PGP PUBLIC KEY BLOCK-----

Signature Files for Linux and FreeBSD

Starting with AES Crypt 4.3, a separate signature file is available for download from the same location as the download file. To get that signature file, append ".sig" to the end of the URL.

You will need to download Terrapane's GPG key and import the key into GnuPG. (This URL will download the same key as shown above.)

Once the signature file is downloaded and being in the same directory as the software download file, one can then verify the file signature using a command like gpg --verify aescrypt_gui-4.3.0-Linux-x86_64.pkg.tar.zst.sig.

RPM-based Linux Systems

Fetch the file terrapane.asc (ASCII version) or copy it from just above. Run the command rpm --import terrapane.asc. This will import the key so that package files can be verified.

Once the key is imported, you will not have to perform the above step again to verify future .rpm releases.

Once the key is imported, AES Crypt files can be verified using the command rpm -K aescrypt_cli-4.0.0-Linux-x86_64.rpm, replacing the filename with the name of the actual file you wish to verify. You can also use the "-v" flag to get more verbose output.

Debian-based Linux Systems

On Debian-based systems, you first need to install a policy file. Below is the policy file to install and it must be placed in /etc/debsig/policies/E7BE982BCD50DDF4/terrapane.pol.

First, create the directory for the policy file using mkdir -p /etc/debsig/policies/E7BE982BCD50DDF4. Once the directory is created, copy the following into a file named terrapane.pol file in /etc/debsig/policies/E7BE982BCD50DDF4.

Terrapane Policy File

<?xml version="1.0"?>
<!DOCTYPE Policy SYSTEM "https://www.debian.org/debsig/1.0/policy.dtd">
<Policy xmlns="https://www.debian.org/debsig/1.0/">
  <Origin Name="Terrapane" Description="Terrapane Group, Inc." id="E7BE982BCD50DDF4"/>
  <Selection>
    <Required Type="origin" File="terrapane.gpg"/>
  </Selection>
  <Verification MinOptional="0">
    <Required Type="origin" File="terrapane.gpg"/>
  </Verification>
</Policy>

Next, you need to put the de-armored version of the Terrapane key in place. Create the directory for the file using mkdir -p /usr/share/debsig/keyrings/E7BE982BCD50DDF4. Then, install the key using curl -s https://www.terrapane.com/terrapane.gpg >/usr/share/debsig/keyrings/E7BE982BCD50DDF4/terrapane.gpg.

Once the policy file is in place and the key is in the proper location, you will not need to perform the above steps in the future to verify future .deb file releases.

Once those two steps are complete, AES Crypt files can be verified using the command debsig-verify aescrypt_cli-4.0.0-Linux-x86_64.deb, replacing the filename with the actual name of the file you wish to verify.