Verify your downloads

There are two ways of verifying that your downloaded files are not corrupted: using the OpenPGP signatures (most secure way), or using checksums.

Releases are cryptographically signed with OpenPGP signatures. The signatures are created using Dynare Archive Automatic Signing key (fingerprint: 5081 D800 0DDB D00D 3FB3  7274 CF7C 7C54 24FA 6A8A, available on public key servers). The signatures are available in detached form in files with “.sig” extensions. Note that OpenPGP signatures are not available for Dynare snapshots. For more details about how to use OpenPGP signatures, please refer to the GNU Privacy Guard and its handbook.

Alternatively, you can verify the checksums present in the MD5SUMS, SHA1SUMS, SHA256SUMS and SHA512SUMS files of every download directory. Note that this method is less secure than verifying the detached signatures.

The detached OpenPGP signatures and the checksums are available from the following pages: