The CLI download comes with a .sig file. How would I use that to validate the download?
1Password Version: Not ProvidedExtension Version: Not ProvidedOS Version: Not ProvidedSync Type: Not Provided
Hey @ryansch you can see those instructions in our getting started guide: https://support.1password.com/command-line-getting-started/#set-up-the-command-line-tool
Perfect! Thanks @cohix.
@cohix keybase pgp verify -d op.sig -i op -S 1password might be an even better verification command
keybase pgp verify -d op.sig -i op -S 1password
Cool, we'll look into it
@ryansch Great alternative! UX-wise, the keybase command line is a step forward. Its output has a much clearer wording, which makes it much less fear-inducing to users who are not crypto experts.
That said, the gpg variant may still remain useful. Some users may prefer not to join Keybase, not to install their software, or not to trust yet another party in the chain.
Yes, we considered the keybase tools, but we decided that asking users to join keybase just to validate our signatures was ridiculous. GPG should suffice for most people.
@cohix: keybase actually works without logging in. But the command needs to have the keybase GUI running which isn't ideal if you use the command infrequently.
Ah okay I understand. Thanks for the heads up.