Verify Onisin Software with GPG

We publish a public signing key so you can verify that the installer you downloaded is authentic and unmodified.

1. Download the Onisin Public Key

Download the key from the official Onisin website and keep it locally.

Public key file: onisin.asc

Tip: Save it in your Downloads folder.

If you already have GPG installed, you can skip this step.

Install via Homebrew:

brew install gnupg

Alternatively: Install a GUI bundle such as GPGTools.

Install Gpg4win (PowerShell):

winget install -e --id GnuPG.Gpg4win

You can also install Gpg4win from its official installer if you prefer.

Install via APT (Debian/Ubuntu/Mint):

sudo apt-get update && sudo apt-get install -y gnupg

Import the downloaded onisin.asc into your local GPG keychain.

From your Downloads folder:

cd ~/Downloads && gpg --import onisin.asc

From your Downloads folder (PowerShell):

cd $HOME\Downloads ; gpg --import onisin.asc

From your Downloads folder:

cd ~/Downloads && gpg --import onisin.asc

Fingerprint (recommended)

After importing, confirm the key fingerprint matches what we publish.

Expected fingerprint: 33FD DE1E BD24 088D 350F E9DA 6F9A 101A F208 02FE

Show imported key details:

gpg --fingerprint "onisin"

Each installer has a corresponding signature file next to it with .gpg.sig appended. Download both files, then verify.

Example:

Verify command:

gpg --verify <SIGNATURE_FILE>.gpg.sig <INSTALLER_FILE>

If everything is correct, you should see:

gpg: Signature made ...
gpg:                using RSA key <KEY_ID>
gpg: Good signature from "onisin <info@onisin.com>"

If verification fails

Do not run the installer. Re-download from /downloads and verify again.