MacOSX help - beginner installation, first time

Jonathan Cross jcross at
Tue May 26 02:26:38 CEST 2020

Hi Cyrus,

1. This is the SHA256 checksum I get for GnuPG-2.2.20.dmg:


2. The signature (GnuPG-2.2.20.dmg.sig) checked out for me:

gpg: Signature made Sat Mar 21 12:42:46 2020 CET
gpg:                using RSA key 4F9F89F5505AC1D1A260631CDB1187B9DD5F693B
gpg: Good signature from "Patrick Brunschwig <patrick at>" [full]
gpg:               aka "Patrick Brunschwig <patrick at>" [full]
gpg:               aka "[jpeg image of size 13251]" [full]
Primary key fingerprint: 4F9F 89F5 505A C1D1 A260  631C DB11 87B9 DD5F 693B


1. I have met Patrick Brunschwig in person, checked his government ID.
   He also checked mine.
2. We both cross-signed each other's keys.
3. You can verify this by getting our pubkeys from
4. You can check the OpenPGP signature on this email to verify my key is:
   9386 A2FB 2DA9 D0D3 1FAF  0818 C0C0 7613 2FFA 7695

Now, of course you don't know me, but you now have a bit more info to go on.

Maybe there's someone in this list below that you know / trust to check ID
and / or verify key fingerprints?  My key:

Meeting people in person and verifying key fingerprints is of course best,
but not always a realistic option for every piece of software :-)

Good luck!


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <>

More information about the Gnupg-users mailing list