Once again here is how to verify and install Password safe. This is an update of an earlier post. Considering this software is guarding some of your most important secrets I see it worthwhile to verify the GnuPG signature. OS this time is Ubuntu 14.04 Trusty Tahr (Linux Mint 17.2 Rafaela).
To verify the signature we need GnuPG.
- install gnupg
$ sudo apt-get install gnupg
- import project administrator’s signing key (RSA)
i. We’re going to import Rony Shapiro’s Password Safe Signing key. Go to https://pwsafe.org/contact.php click the link for “this public key”.
ii. Save the page it gives you as pwsafe.key and strip out the HTML tags.
iii. import the key
$ gpg –import pwsafe.key
gpg: key 5CCF8BB3: public key “Rony Shapiro (PasswordSafe Signing Key) <[email protected]>” imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: no ultimately trusted keys found
iiii. verify the key fingerprint against what is listed at the bottom of https://pwsafe.org/contact.php
$ gpg –fingerprint
pub 2048R/5CCF8BB3 2011-02-10
Key fingerprint = A703 C132 8EAB C7B2 0175 3BA3 9194 6451 5CCF 8BB3
uid Rony Shapiro (PasswordSafe Signing Key) <[email protected]>
sub 2048R/04B638E7 2011-02-10
- Download the package
i. SourceForge (bleh) is the only place the .deb package is available. https://sourceforge.net/projects/passwordsafe/files/ Don’t be fooled, SourceForge lists 0.94BETA as the newest release, actually 0.97BETA is the newest as of the time of writing this article. In my case, passwordsafe-ubuntu-0.97BETA.amd64.deb. There are also .debs specific to debian, RPMs and source packages available.
ii. Download the pakage signature. In my case, passwordsafe-ubuntu-0.97BETA.amd64.deb.sig
- Verify the Password Safe .deb package
You need to have the .deb and the .sig file in the same directory.
$ gpg –verify passwordsafe-ubuntu-0.97BETA.amd64.deb.sig gpg: Signature made Fri 09 Oct 2015 05:21:50 AM EDT using RSA key ID 5CCF8BB3
gpg: Good signature from “Rony Shapiro (PasswordSafe Signing Key) <[email protected]>”
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: A703 C132 8EAB C7B2 0175 3BA3 9194 6451 5CCF 8BB3
Notice the fingerprint matches the one we verified earlier listed on http://pwsafe.org/contact.shtml — ok good!
- Go ahead and install
$ sudo dpkg -i passwordsafe-ubuntu-0.97BETA.amd64.deb
- It will complain about dependencies for libwxgtk3.0-0, libxerces-c3.1, and libykpers-1-1. So, install your dependencies
$ sudo apt-get -f install
Done! To verify your .deb has been installed:
$ dpkg –get-selections | grep passwordsafe
You can launch the password safe gui either by
$ pwsafe &
or by finding ‘Password Safe’ it in your launcher menu.