Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
Request for more technical release information
Hi 1password team,
I was wondering if there is a changelog of all application releases with SHA256 signatures?
The claim is that a public list of known releases helps with tracking signed binar...
Absolutely! I'm glad you got back to me.
Here is the requested example from KeePass; an experienced industry leader in password management (2003) 21 years and still going strong!
In this case KeePass declares to the community tracable versions for each architecture-version pariring.
This is because while signatures help verify source (such as Mac Gatekeeper), hash declarations such as SHA-256 enables zerotrust tracability.
https://keepass.info/integrity.html
KeePass-2.57-Setup.exe:
MD5: 4C1CAFC2 B3A38020 8548620A 3D53DBBA
SHA-1: A4C6AE22 0ECC6B90 7E562008 09EDAB3B CDC38B30
SHA-256: EA53F7F9 44FADA95 0CD7BB15 4DEB0781 23A357B7 BC5E2484 851762B3 552EB48B
Size: 4399360 B
Sig.: [OpenPGP ASC]
KeePass-2.56-Setup.exe:
MD5: 86A0D58D 2AE89C63 9D940DBD A48308DF
SHA-1: 1280F427 D149A8C5 CA797A9E A29E711A 3FA2B5EF
SHA-256: 92529DC0 E6449ECA 21688601 02045550 54628192 17B8E8D5 1F6E7B1D D05A69EF
Size: 4398304 B
Sig.: [OpenPGP ASC]
