Security

GPG public key

Every Bad Kitty Software release is signed with this key. Use it to confirm that what you downloaded is genuine and has not been altered.

What is a GPG key?

GPG stands for GNU Privacy Guard. It is a tool for verifying that a file came from exactly who it says it did and that it has not been changed since it was released.

When Bad Kitty Software releases a file, it is signed using a private key that only Bad Kitty Software holds. This creates a small signature file (ending in .sig) that travels alongside the download. You use the public key on this page to check that signature. If it matches, the file is genuine. If it does not match, something is wrong and you should not run the file.

Why does this matter?

Anyone can host a file and call it something. Without verification, you have no way of knowing whether a download was tampered with after it left the source, or whether it was replaced by a malicious copy. GPG signing removes that uncertainty. If the signature verifies correctly using the key below, the file is exactly what Bad Kitty Software released. Always download directly from badkitty.uk and always verify.

Bad Kitty's Public GPG Key:

This is the Bad Kitty GPG public key. badkitty-public.asc
Use it to verify any Bad Kitty Software download. Import this key once and it covers all current and future Bad Kitty Software releases. This key does not expire.

You cannot download this from anywhere else and trust it, this is the only place I post this key online.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEafsboRYJKwYBBAHaRw8BAQdA7fCU0RFBwtdOEZLMErdyxC5Yf5NQUsn4fwOw
CENokpe0YkJhZCBLaXR0eSBTb2Z0d2FyZSAoQ29kZWQgdG8gcGVyZm9ybS4gU2ln
bmVkIGZvciB0cnVzdC4gTWFkZSBpbiB0aGUgVUsg8J+HrPCfh6cpIDxncGdAYmFk
a2l0dHkudWs+iJkEExYKAEEWIQSM6darijWesSeHJXW+XfW917zkgwUCafsboQIb
AwUJEswDAAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRC+XfW917zkgwcw
APwJlE+6PV8msFDHLHdgNgD6po8U1EQwMHUvXBBMN/op6wD/UMesVsgClYxZ1veA
ULZVVNtxHYej+OUrODLaSDLcdQK4MwRqAN59FgkrBgEEAdpHDwEBB0Bk+PfM4vTd
F+56vFoSH5sXthmIpuvzJH99gzY40Ho1v4jvBBgWCgAgFiEEjOnWq4o1nrEnhyV1
vl31vde85IMFAmoA3n0CGwIAgQkQvl31vde85IN2IAQZFgoAHRYhBIDrkCJlEJDV
8qVCFIt9Rmv3tGzNBQJqAN59AAoJEIt9Rmv3tGzNYyYBAIiSk4a7T7D98zACBSYV
eMpeo4DHdr+eAP+qGRKcN5EPAQCi7nCIL3bB07MByvdXr/qXe7GgE5HUn86BPDvu
R7QUDFrGAPsFBScVvLITeLH7F4mr6DNdq83NA1bDQCKVhyeZv95tnQD9FlBqgUa7
//1intHsMxZ6LXV0b3EtwVZS8U7PbpBMnAI=
=M9qr
-----END PGP PUBLIC KEY BLOCK-----

How to verify a download

You need two files from the Software Library - the software file itself and its .sig signature file.

Linux

⚠ IMPORTANT - DO NOT:

  • Unzip/Extract the file
  • Explore/Read the file
  • Run/Open the file
  • Install/Edit the file

Simply download the files and leave them alone exactly as they are.

The .tar.gz file must stay zipped and untouched during verification.

You are verifying the original downloaded package BEFORE trusting or using it.

Step 1

Download these 4 files into the same folder:

hue-1.1.0-linux.tar.gz
hue-1.1.0-linux.tar.gz.sig
badkitty-public.asc
hue-1.1.0-linux-SHA256.txt
Step 2

Open the folder containing those 4 downloaded files.

Right click inside that folder and choose:

Open in Terminal

or:

Open Terminal Here

The Terminal should now open already inside the correct folder.

If the short path to Terminal failed, click here to see the alternative method

Press CTRL + ALT + T on your keyboard to open Terminal.

Copy and paste this into the Terminal window, then press Enter/Return:

cd ~/Downloads

If that says the folder does not exist, check where your browser actually saved the 4 downloaded files, then open that folder and use the right click method above.

Step 3

Copy and paste this into the Terminal window, then press Enter/Return:

gpg --import badkitty-public.asc
Step 4

Copy and paste this into the Terminal window, then press Enter/Return:

gpg --verify hue-1.1.0-linux.tar.gz.sig hue-1.1.0-linux.tar.gz
Step 5

If you see:

Good signature from "Bad Kitty Software"

the file is genuine and has not been modified or tampered with.

Windows

⚠ IMPORTANT - DO NOT:

  • Unzip/Extract the file
  • Explore/Read the file
  • Run/Open the file
  • Install/Edit the file

Simply download the files and leave them alone exactly as they are.

The .zip or .exe file must stay untouched during verification.

Step 1

Download these 3 files into the same folder:

badkitty-public.asc
hue-1.0.0-windows.zip
hue-1.0.0-windows.zip.sig
Step 2

Install GPG4Win from:

https://www.gpg4win.org

Download the installer, run it, and follow the prompts. The default options are fine. You do not need to use Kleopatra or any other GPG4Win app directly — installing it makes the gpg command available in the terminal, which is what the steps below use.

Step 3

Open the folder containing those 3 downloaded files.

Right click inside that folder and choose:

Open in Terminal

or:

Open PowerShell window here

The terminal window should now open already inside the correct folder.

If the short path to Terminal or Command Prompt failed, click here to see the alternative method

Press the Windows key on your keyboard, type:

cmd

Then press Enter/Return.

Copy and paste this into the Command Prompt window, then press Enter/Return:

cd %USERPROFILE%\Downloads

If that says the folder does not exist, check where your browser actually saved the 3 downloaded files, then open that folder and use the right click method above.

Step 4

Copy and paste this into the terminal window, then press Enter/Return:

gpg --import badkitty-public.asc
Step 5

Copy and paste this into the terminal window, then press Enter/Return:

gpg --verify hue-1.0.0-windows.zip.sig hue-1.0.0-windows.zip
Step 6

If you see:

Good signature from "Bad Kitty Software"

the file is genuine and has not been modified or tampered with.

macOS

⚠ IMPORTANT - DO NOT:

  • Unzip/Extract the file
  • Explore/Read the file
  • Run/Open the file
  • Install/Edit the file

Simply download the files and leave them alone exactly as they are.

The .dmg or .tar.gz file must stay untouched during verification.

Step 1

Download these 3 files into the same folder:

badkitty-public.asc
hue-1.0.0-macos-universal.dmg
hue-1.0.0-macos-universal.dmg.sig
Step 2

Install GPG Suite from:

https://gpgtools.org

Download the .dmg file, open it, and drag GPG Suite into your Applications folder. Run it once to complete the installation. You do not need to use the GPG Suite app directly — installing it makes the gpg command available in Terminal, which is what the steps below use.

Step 3

Open the folder containing those 3 downloaded files.

Right click inside that folder and choose:

New Terminal at Folder

The Terminal should now open already inside the correct folder.

If the short path to Terminal failed, click here to see the alternative method

Press Command + Space, type:

Terminal

Then press Enter/Return.

Copy and paste this into the Terminal window, then press Enter/Return:

cd ~/Downloads

If that says the folder does not exist, check where your browser actually saved the 3 downloaded files, then open that folder and use the right click method above.

Step 4

Copy and paste this into the Terminal window, then press Enter/Return:

gpg --import badkitty-public.asc
Step 5

Copy and paste this into the Terminal window, then press Enter/Return:

gpg --verify hue-1.0.0-macos-universal.dmg.sig hue-1.0.0-macos-universal.dmg
Step 6

If you see:

Good signature from "Bad Kitty Software"

the file is genuine and has not been modified or tampered with.

If verification fails or you have any doubt about a download, do not run the file. Contact us and we will assist you.