Tools

GNU general public license

Some of our software may include ancillary code licensed under the GNU general public license (GPL).
In case you need a copy of the corresponding GPL source code, please contact us.

Code signature verification

Customers can verify that the signed code they have received is indeed from Buzzinbees and that it has not been manipulated in any way by a third party. Buzzinbees signs the software with a private digital key only held by us.

Verification using RPM

Use the rpm command to verify your software. Copy and paste the Buzzinbees public key below into a new file named BuzzinbeesPublicKey.pub and install it on your system. To correctly copy the key, highlight all text below, starting with -----BEGIN PGP PUBLIC KEY BLOCK-----, continuing through and including -----END PGP PUBLIC KEY BLOCK-----. You can then verify that the public and private keys match your signed file to confirm the integrity and origin of your file.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)

mQGiBEuodpMRBACIGA2ncZZ6aIF3660HAYlq+NqLjfEMTTg5CwzctNjNRPePQ0Ce
37Bx5jjnqw0VgihfFryUmBdc7I2zt48n8os+KXI7Q4mrDUEiFdHgPs3Cp6QwFM3w
8A1a11YZitDAvHqNt+hUk+WMDNjiS+f/gP5WVvu/N28BHUUpZDhRpD0mjwCgt1/1
tiILbqQoU1WwW/EtUnvPQm0D/i1oI4ZQVGThnSs5HVl87j70E4GiT7lxtQD4iWX0
2iXV6R1NeuR30IU3XTvXKtpuETrirupKbO+l+OaN9TGh1TmSAny/u4Ls3aOrW4BU
DXwsCPvQhAsxQ810VQFwrBSTTtnkAq8cHdZVk0+77ORA3rkvLwa9IBYgO1iqzSNI
XdF0A/0bclFvNwMfm6DSz2c4aWDQsX6hRZzH1Vf7l5n1mWTq+z0anZUcWzzOg2PK
Ljfo0+nfvXOekDYsBZOQTJpzAkhcUfmTDF3Od5KdVs/bP7TQZfAJCaPAPC/8lAfA
Mi2XrANQ2lFAN4flCA4z2tp+meo7aWjA4ODbGZjS+fkApIB4frQKQnV6emluYmVl
c4hgBBMRAgAgBQJLqHaTAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQwHmQ
qbqrBA6aGgCdEv75an1n2nR0OfEehUQNp+Bk13IAnAsWlMbYmb72P6wOgracEQeT
2pK8uQINBEuodpkQCACelExh8QFg13TALkmy086TbjKj5qm16d9GGqiqaFn9JUDz
QhlzQCuOB0KAD0WIedXwaXiz2ejpK2DAz3JnnlbealYq0LNWTvYSFfTqW0QgP+yh
hxh6gNWhP3d7+XCHMrLFa7PpKK7Ws6RBTj44mdJmjI4B4gSBhdShbbpZQPJrqSnL
0Ws9/Nt+LXQa4HoHAdIA2PVZYCmPLjeM8Sdo6kXWKkFlykWFOlUr96iz99c7gp/8
YrwhWO1WzU4sCA201taxjisqUbO/9DwEzI/tMVw1q1S6OQM5m3eVPfx2fbdGCHxI
Q1C/lALZ8J/8nBGdVnN4MNT1ylMg4ZqowMwNp1+TAAMGB/4u2F530X06V+S7mHHy
lAwoiJraRNBqI/NfAKSF24CxC+5mpsyJkgWhMlQezZyv/S19MtYQ0oMGja0kJZzG
6+GO24Cqrw1bjggrurHTUPe75kqrvt1Ti9RMZ1bYKKJUySpn+86Ty+YF1lBx46mx
2NTcsdWDOdjzJpI3GIvT6Dj2cByu+FEWJgGK03jUOXl0P5fgvyxTWqb5Wd06g9Em
a7KltH3WIEoCIxHns8IU4T0vj1ZIFkzomruO7ij/CL4D37C0IIGlsMNCSC9LopLA
raLDCfS6DRfxJWN76hQygdk498CxGih5mFGHFkGrlre0/tqbUARxsTF5pGJOT9fF
2t1LiEkEGBECAAkFAkuodpkCGwwACgkQwHmQqbqrBA7lIACdHyr2oj80ONmkckGs
u140ccZU0M8An14T9gcpNrrzYBiwkw/Z+AVayD0T
=pcGd
-----END PGP PUBLIC KEY BLOCK-----

Install the public key using the –import flag of the rpm command, running as root:

# rpm --import BuzzinbeesPublicKey.pub

Use the rpm –checksig command to validate and verify the digital signature of the file. The command output indicates the signature validity:

# rpm --checksig file.rpm 
file.rpm: (sha1) dsa sha1 md5 gpg OK

If your file does not pass verification or you do not have the Buzzinbees public key installed, you may see an error:

# rpm --checksig badfile2.rpm 
badfile2.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: key#s)

In this case, do not install the rpm. This means the file has been modified in some way since its release by Buzzinbees.

Verification using GPG

In order to verify files signed with GPG, first copy and paste the Buzzinbees public key shown above into a new file named BuzzinbeesPublicKey.pub and install it on your system, setting the appropriate trust level. You can then verify that the public and private keys match your signed file to confirm the integrity and origin of your file.

Install the Buzzinbees public key using the –import flag of the gpg command:

# gpg --import buzzinbeesPublicKey.pub

Now use the gpg –verify command to validate and verify the digital signature of the signed file. The command output indicates the signature validity. In this case, specify the file used to create the signature and a separate signature file:

# gpg --verify filename.sig filename

If the level of trust on the key has not been set, the command returns a trust level warning:

gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

Because you have downloaded the key from this site, and this site is SSL-secured by Buzzinbees, you can ultimately trust that this public key is indeed from Buzzinbees. Then edit the key to set the key trust level for proper verification.

# gpg --edit-key "Buzzinbees"

Type the command trust, and select 5 for trusting the key. Confirm and quit.

From now on, you should not see the untrusted identity warning when verifying the signature.