More4apps utilises digital signatures to ensure the software provided is verified, secure and safe to use. The servlet jar file and database package file provided by More4apps can be optionally verified using a public key with detached digital signatures. This allows you to check the integrity of the files before installing into your E-Business instance.
You can verify these files on the Windows OS before transferring them to your servers. To perform the verification a PGP tool, for exampleGNUPGis required.
Verification process:
Extract the Files
Extract the R12install.zip file to a local directory and open a Command window in this directory.
Import (Receive) the Public Key
The More4apps Public Key can be imported (received) with this command:
gpg --recv-keys 5D8B6113F5099742
Set the Trust Level for the Public Key
You must set the trust level for the More4apps Public Key with this command:
gpg --edit-key More4apps
Respond to the prompts as follows:
trust
5
y
quit
Verify the Files with the Public Key
The servlet file and package body file both come with an external signature file signed with our private key. You can verify that the files have not been tampered with by running the following commands: