search
githubEdit

signature-lockVerify Your Copy of Warp Vault

Packfiles takes the security of our products and protection of our customers extremely seriously.

To prevent tampering, all Warp Vault releases are cryptographically signed using industry-standard techniques. To verify the authenticity and integrity of your Warp Vault download, we recommend following the steps below for your host operating system.

triangle-exclamation

If you experience a verification failure for a Warp Vault release and suspect tampering, please notify the Packfiles Security Team immediately at [email protected]envelope.

Jump to instructions for:

hashtag
macOS

On macOS systems, the code signature of Warp Vault can be inspected with the following command:

codesign -dv --verbose=4 /Path/To/Your/Copy/Of/Warp\ Vault.app

This will produce output similar to the below. Verify that the Authority field matches Developer ID Application: Packfiles Inc (LQ28J3F3JH), and that the TeamIdentifier field matches LQ28J3F3JH.

Executable=/Applications/Warp Vault.app/Contents/MacOS/Warp Vault
Identifier=io.packfiles.vault
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=99230 flags=0x10000(runtime) hashes=3090+7 location=embedded
VersionPlatform=1
VersionMin=720896
VersionSDK=918784
Hash type=sha256 size=32
CandidateCDHash sha256=ba7c6219f8c7eb29db4f6e80d00364acaff85b1a
CandidateCDHashFull sha256=ba7c6219f8c7eb29db4f6e80d00364acaff85b1a0b832b6fd54663aeda53e0c8
Hash choices=sha256
CMSDigest=ba7c6219f8c7eb29db4f6e80d00364acaff85b1a0b832b6fd54663aeda53e0c8
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=7553024
Executable Segment flags=0x1
Page size=4096
CDHash=ba7c6219f8c7eb29db4f6e80d00364acaff85b1a
Signature size=9046
Authority=Developer ID Application: Packfiles Inc (LQ28J3F3JH)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Apr 9, 2025 at 18:47:11
Info.plist entries=14
TeamIdentifier=LQ28J3F3JH
Runtime Version=14.5.0
Sealed Resources version=2 rules=13 files=3
Internal requirements count=1 size=180

hashtag
Windows

On Windows, you can inspect the certificate chain of Warp Vault's MSIX installer or .exe file to verify its authenticity.

Right click on your downloaded copy of the Warp Vault installer and select Properties.

In the Properties view, select Digital Signatures, then click on Details.

In the Details view, select Advanced. Verify that the Serial number field of the signature has a value of 67d7636c9135682d620110e6.

hashtag
Linux

Linux builds of Warp Vault are signed with the Packfiles' Vault Linux Releases (A) PGP key. This key's fingerprint is:

The public key is:

You can check the signature of a given Warp Vault release with the following process.

hashtag
1. Import the Key

Save the PGP public key block above to a file on disk. Then run:

hashtag
2. Verify the Signature

After downloading a Linux release of Warp Vault, extract the contents of the archive and run the following command to verify the signature.

You should see output like the following:

In the output from the verification command, ensure that the Primary key fingerprint field matches the Packfiles' Vault Linux Releases (A) PGP key fingerprint of ED67E8E35FB2EB52F6C81937BD4C2E3452360800.

circle-check

You can safely ignore the This key is not certified with a trusted signature!message in the verification output. This message is related to whether the Packfiles PGP key is marked as trusted in your local GPG trust store, and has no bearing on the validity of the PGP signature for the Warp Vault executable.

PreviousDownload Warp VaultNextSupported Credential Providers

Last updated

Was this helpful?