Verification of Signed Protector Build

Verify the integrity of Protegrity generated protectors before installing the protectors to ensure security.

Verifying the signed protector build on the Linux platform

The digital signature of the signed protector build on the Linux platform, using the GNU Privacy Guard (GPG) encryption key, must be verified.

To verify the digital signature on the Linux platform:

  1. Download the protector to any location on the machine where you want to install the protector.

  2. To get the GPG encryption key from the ESA, which is located in the /opt/verification_keys/ directory, run the following command on the protector machine.

    sshpass -p <ESA root password> scp -r root@<ESA ip>:/opt/verification_keys/10.0.gpg <location of 10.0.gpg file>

  3. Import the key to the GPG utility using the following command.

    gpg --import <location for 10.0.gpg file>

  4. Extract the protector build using the following command.

    tar -xvf <protector build (.tgz)>

  5. Verify the signature using the following command.

    gpg --verify signatures/<signature of protector build (.sig)> <protector build (.tgz)>

  6. Extract the protector build again using the following command to obtain the various components to install the protector.

    tar -xvf <protector build (.tgz)>

Verifying the signed protector build on the Windows platform

The digital signature of the signed protector build on the Windows platform, using the GNU Privacy Guard (GPG), must be verified.

To verify the digital signature on the Windows platform:

  1. Download the protector to any location on the machine where you want to install the protector.

  2. From 10.0 ESA, get the gpg encryption key which is located in /opt/verification_keys folder to the protector machine.

  3. Run the following command on the protector machine to transfer the file in the current directory.

    scp -r root@<ESA_IP>:/opt/verification_keys/10.0.gpg .

    Note: Alternatively, login to the ESA using ssh. Navigate to the /opt/verification_keys/ folder and download the 10.0.gpg file manually. Then upload it to the protector machine.

  4. Install gpg4win on your Windows protector machine.
    a. Navigate to https://files.gpg4win.org/.
    b Download the latest https://files.gpg4win.org/gpg4win-4.4.1.exe installer.
    c. Run the downloaded installer.
    d. Verify the installed version using the following command.
    gpg --version
    The gpg version gets displayed. For example; gpg (GnuPG) 2.4.8.

  5. Import the key to the GPG utility using the following command.

    gpg --import <location for 10.0.gpg file>

  6. Extract the protector build file.
    a. Right-click the protector build file and click Extract All.
    b. Click Extract.

  7. Verify the signature using the following command.

    gpg --verify <full path of signature file (.sig)> <full path of protector build (.zip)>

    The signature file “.sig” is present in the signatures folder.

  8. Extract the protector build file to get other components.
    a. Navigate to the protector build folder.
    b. Right-cick the protector build file and click Extract All.
    c. Click Extract.


Last modified : December 18, 2025