The official Drep releases have signed hashes that you should check to confirm that they are the same binaries that the developers posted. This page provides instructions for that.
In order to verify binaries or other signed files from the Drep Project, there are a couple pieces of software required:
- SHA-256 – Once you download your file(s), you need to check their SHA-256 hashes, so you may need to download a tool to do this, depending on your OS.
The following instructions should work as is on Linux/UNIX/macOS. Windows users will have to install sha256 and gnupg themselves and use the windows cmd terminal to do this. The steps to verify the binaries are as follows:
Download the file manifest, the signature for the file manifest, and zip for your OS from here. Obtain the SHA-256 value for the zip for your OS and check that it matches the value in the file manifest, e.g. for 64-bit Linux/mac: linux: $ sha256sum drep 89c06e74cfdab29a574afc68706277438bafa2ea0fd2003b8653e9bbc0b0cdca drep mac: $ openssl sha256 drep SHA256(drep)= 49ad3fc7716c89194ba0268a823a15f35c59273a10bda9af932f9358bf7e2908
Compare the value you got in Step One to the value for the file in the manifest file.
The zip with binaries for your platform is now verified and you can be confident they were generated by the Drep Project.