Import the Release Key (one time)
gpg --import release-key.asc
Check validity:
Download all 4 files into one folder
Check the Checksum
echo "$(cat sha256.sum)" | sha256sum --check
Must output:
3yd-helm.tgz: OK
Check the signature:
gpg --verify sha256.sum.sig sha256.sum
Must output:
gpg: Signature made Thu Apr 22 12:57:33 2021 CEST gpg: using RSA key A0958AFDC814773189A8B35C46E54501B9FD10A4 gpg: Good signature from "3YOURMIND <security@3yourmind.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: A095 8AFD C814 7731 89A8 B35C 46E5 4501 B9FD 10A