Verify your install

Tip

Verification is optional but recommended for security-conscious users. Every release publishes a SHA256SUMS.txt file alongside the installers.

Verify a downloaded installer

From the release’s GitHub Releases page, download the SHA256SUMS.txt file alongside your installer. Then:

# macOS / Linux
shasum -a 256 -c SHA256SUMS.txt --ignore-missing

# Windows (PowerShell)
Get-FileHash -Algorithm SHA256 Kadrack_X.Y.Z_x64.msi
# Compare the printed hash against the line in SHA256SUMS.txt manually.

Updater public-key fingerprint

Auto-update payloads are signed with an ed25519 key held only in this project’s GitHub Actions secrets. The public half is embedded in every Kadrack build; you can verify the copy you have matches the canonical fingerprint below.

Current public-key fingerprint (SHA-256, first 32 hex chars):

Fingerprint value will be published here once we cut the first signed release (M9 Phase A ship-gate). For now, read the fingerprint in-app at Settings → About → Show developer info.

Where the app shows it: Settings → About → “Show developer info” → Updater public-key fingerprint.

If the two strings don’t match, stop — your copy of Kadrack may have been tampered with. Report the discrepancy via GitHub Issues.