GPG-Verification with signature possible?


(Tommy Mühle) #1

Hi guys,

it is possible to verify a package (in my case a .phar file) with a additional signature file (.phar.asc) via GPG?
I found an issue in cask-context (https://github.com/caskroom/homebrew-cask/issues/164) but no final answer.

Thank you and best regards,
Tommy


(Mike McQuaid) #2

I’m not sure about Cask but this is not possible in Homebrew itself. A SHA256 signature should provide a certain degree of verification for you.