Guide to check the authenticity of the signature
That binary files were digitally signed by the JAP-Team. Thereby you get the oportunity to check the files you downloaded regarding their origin. With the digital signature you can determine if the files were corrupted during the download or even manipulated. Below are instructions for testing the signature with the two most common programs in that area: "Pretty Good Privacy" (PGP) and the "Gnu Privacy Guard" (GPG). We assume that you've already installed a current version of one of them. Instructions on how to download and install those programs are on the web sites of PGP and GPG .
After you have downloaded and installed GPG successfully, you have to import the JAP-Team's PGP-key.
At a command prompt enter: gpg --import jappgp.asc
To verify the key, please check the key's finger print. Enter gpg --edit-key jap to start GPG's key editing mode and at GPG's own "Command>" prompt, just enter fpr to compute the key's finger print.
Now the fingerprint of the downloaded JAP key is shown. You can compare it with the key shown above and if they're the same, sign our key. You should still have a "Command >" prompt on your screen. Simply enter:
To verify the integrity of your downloaded JAP file please move the file and
the appropriate signature file to the same directory
After you have downloaded and installed PGP successfully, you have to import the PGP-key of the JAP-Team. Just doubleclick on the asc-file you have downloaded and choose "import" in the following window. Now you can verify the authenticity of the key. Compare the fingerprint of the imported key to this one: B965 99E4 05EB 4202 895C 27DC D022 60C9 73EE 1DD1
The fingerprint of your imported key is shown when you start PGPkeys,
right click on the key of the JAP-Team and choose "Key Properties".
To start the actual verification please put the JAP file and the appropriate
signature file in the same directory.
Now simply double click on the signaturefile. You
should get a new window on your screen that looks like the one below.
The window must not contain a string like "Bad Signature" and
the column tagged "Validity" has to contain a green light or something
with the same meaning.