We suggest the following mirror site for your download:
Download jar and war files
- the ASC file (OpenPGP compatible signature) with the KEYS file (code signing keys used to sign the product)
- the SHA256 or SHA512 files (checksum).
The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the asc signature file for the relevant distribution. Then verify the signatures using:
$ pgpk -a KEYS $ gpgv fortress-core-2.0.8.jar.asc
$ pgp -ka KEYS $ gpg fortress-core-2.0.8.jar.asc fortress-core-2.0.8.jar
$ gpg --import KEYS $ gpg --verify fortress-core-2.0.8.jar.asc fortress-core-2.0.8.jar
Alternatively, you can verify the checksums of the files (see the How to verify downloaded files page).