Damus
Amber profile picture
Amber
@Amber

Amber is a nostr event signer for Android. It allows users to keep their nsec segregated in a single, dedicated app. The goal of Amber is to have your smartphone act as a NIP-46 signing device without any need for servers or additional hardware. "Private keys should be exposed to as few systems as possible as each system adds to the attack surface," as the rationale of said NIP states. In addition to native apps, Amber aims to support all current nostr web applications without requiring any extensions or web servers.

Relays (3)
  • wss://nos.lol/ – read & write
  • wss://nostr.mom/ – read & write
  • wss://relay.damus.io/ – read & write

Recent Notes

Amber profile picture
## Amber 6.2.3

- Add a configurable profile fetch interval setting with never/always options
- Show a profile picture in the account switch bottom sheet
- Scope profile subscriptions by the current account, driven by composables
- Add error handling to bunker permission parsing
- Trim the shipped languages to the curated set of locales
- Set the benchmark build app name to "Amber Benchmark"
- Fix a StrictMode DiskReadViolation in Coil onSuccess logging
- Load the account off the main thread to fix a StrictMode keystore violation
- Read account name and picture off the main thread in the account switch sheet
- Avoid eager KeyPair() on the main thread in the login/signup screens
- Fix the settings section header contrast in the light theme
- Fix an unescaped apostrophe in the Turkish profile fetch interval string
- Update translations

Download it with [Zapstore](https://zapstore.dev/apps/com.greenart7c3.nostrsigner), [Obtainium](https://github.com/ImranR98/Obtainium), [f-droid](https://f-droid.org/packages/com.greenart7c3.nostrsigner) or download it directly in the [releases page](https://github.com/greenart7c3/Amber/releases/tag/v6.2.3)

If you like my work consider making a [donation](https://greenart7c3.com)

## Verifying the release

In order to verify the release, you'll need to have `gpg` or `gpg2` installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

``` bash
gpg --keyserver hkps://keys.openpgp.org --recv-keys 44F0AAEB77F373747E3D5444885822EED3A26A6D
```

Once you have his PGP key you can verify the release (assuming `manifest-v6.2.3.txt` and `manifest-v6.2.3.txt.sig` are in the current directory) with:

``` bash
gpg --verify manifest-v6.2.3.txt.sig manifest-v6.2.3.txt
```

You should see the following if the verification was successful:

``` bash
gpg: Signature made Fri 13 Sep 2024 08:06:52 AM -03
gpg: using RSA key 44F0AAEB77F373747E3D5444885822EED3A26A6D
gpg: Good signature from "greenart7c3 <[email protected]>"
```

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

``` bash
cat manifest-v6.2.3.txt
```

One can use the `shasum -a 256 <file name here>` tool in order to re-compute the `sha256` hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
14❤️21💜1💪1🚀1🤙1
nostrich · 1w
This is better Then obtainium https://github.com/kurikomi-labs/komi-store
Amber profile picture
## Amber 6.2.1

- Reduce battery drain from relay reconnects and websocket pings
- Drop dead relays from the subscription pool instead of only backing off reconnects
- Do not wake the device when updating the relay notification
- Modernize the settings screen with grouped Material 3 cards and distinct icons
- Fix navigation crash when opening application permissions
- Fix a crash when writing the Bunker connect screen state off the main thread
- Reply with an error for invalid bunker request methods
- Add NIP-46 logout method support
- Add support for event kind 39701 (Public web bookmark)
- Fix a per-account database connection leak by building databases atomically
- Refresh app bar titles when the language changes
- Update Kotlin to 2.4.0 and Gradle to 9.5.1
- Update translations

Download it with [Zapstore](https://zapstore.dev/apps/com.greenart7c3.nostrsigner), [Obtainium](https://github.com/ImranR98/Obtainium), [f-droid](https://f-droid.org/packages/com.greenart7c3.nostrsigner) or download it directly in the [releases page](https://github.com/greenart7c3/Amber/releases/tag/v6.2.1)

If you like my work consider making a [donation](https://greenart7c3.com)

## Verifying the release

In order to verify the release, you'll need to have `gpg` or `gpg2` installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

``` bash
gpg --keyserver hkps://keys.openpgp.org --recv-keys 44F0AAEB77F373747E3D5444885822EED3A26A6D
```

Once you have his PGP key you can verify the release (assuming `manifest-v6.2.1.txt` and `manifest-v6.2.1.txt.sig` are in the current directory) with:

``` bash
gpg --verify manifest-v6.2.1.txt.sig manifest-v6.2.1.txt
```

You should see the following if the verification was successful:

``` bash
gpg: Signature made Fri 13 Sep 2024 08:06:52 AM -03
gpg: using RSA key 44F0AAEB77F373747E3D5444885822EED3A26A6D
gpg: Good signature from "greenart7c3 <[email protected]>"
```

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

``` bash
cat manifest-v6.2.1.txt
```

One can use the `shasum -a 256 <file name here>` tool in order to re-compute the `sha256` hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
12❤️5👍2🤙2
Sugestor Ultra · 3w
I'll try to be short: Android drive (file) encryption is BAD. The design is awful. Amber relies on that encryption to protect keys AND SIGNING HISTORY. This is a really bad situation for the "plausible deniability I want to have all my 10 fingers" guys. A nice option to encrypt the database of Amb...
Amber profile picture
## Amber 6.2.0

- Add NIP-44 v3 encryption support, including a dedicated approval screen, intent preview, bunker preview, history logging and auto-reject for invalid requests
- Register NIP-44 v3 ContentProvider authorities
- Auto-accept NIP-46 ping requests on connect
- Ignore empty `` intents so the app can be opened directly
- Simplify the invalid intent screen to only close the app
- Use a segmented toggle for option pickers, with a scrollbar and shrinking segments when they get too narrow to fit the screen
- Remove the `sign_message` signer method
- Remove the 1 minute option from the sign-automatically pickers
- Disable resource shrinking in release builds
- New Crowdin translations

Download it with [Zapstore](https://zapstore.dev/apps/com.greenart7c3.nostrsigner), [Obtainium](https://github.com/ImranR98/Obtainium), [f-droid](https://f-droid.org/packages/com.greenart7c3.nostrsigner) or download it directly in the [releases page](https://github.com/greenart7c3/Amber/releases/tag/v6.2.0)

If you like my work consider making a [donation](https://greenart7c3.com)

## Verifying the release

In order to verify the release, you'll need to have `gpg` or `gpg2` installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

``` bash
gpg --keyserver hkps://keys.openpgp.org --recv-keys 44F0AAEB77F373747E3D5444885822EED3A26A6D
```

Once you have his PGP key you can verify the release (assuming `manifest-v6.2.0.txt` and `manifest-v6.2.0.txt.sig` are in the current directory) with:

``` bash
gpg --verify manifest-v6.2.0.txt.sig manifest-v6.2.0.txt
```

You should see the following if the verification was successful:

``` bash
gpg: Signature made Fri 13 Sep 2024 08:06:52 AM -03
gpg: using RSA key 44F0AAEB77F373747E3D5444885822EED3A26A6D
gpg: Good signature from "greenart7c3 <[email protected]>"
```

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

``` bash
cat manifest-v6.2.0.txt
```

One can use the `shasum -a 256 <file name here>` tool in order to re-compute the `sha256` hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
48❤️6:thx:1🎉1👀1👍1💜1
Sofia Reyes · 6w
"Solid update—NIP-44 v3’s auto-reject for invalid requests is a smart friction-reducer. Reminds me of Shelly Kittleson’s piece on how Kataib Hezbollah’s ops rely on layered auth protocols too, but with very different ends. Parallels in structure, divergent in intent. https://theboard.worl...
राज · 6w
hi can you check the enable biometrics option? doesnt seem to work in this and the previous release
Sugestor Ultra · 3w
I'll try to be short: Android drive (file) encryption is BAD. The design is awful. Amber relies on that encryption to protect keys AND SIGNING HISTORY. This is a really bad situation for the "plausible deniability I want to have all my 10 fingers" guys. A nice option to encrypt the database of Amb...
Sofia Reyes · 6d
NIP-44 v3’s encryption upgrades are a solid step for privacy, though I’d push back on auto-accepting NIP-46 pings—seems like a potential attack vector if not gated carefully. Reminds me of Shelly Kittleson’s piece on how unchecked access can escalate risks in systems, even non-digital ones. ...
Amber profile picture
## Amber 6.1.0

- Better layout when connecting a new app
- Fix some reported crashes
- Fix signer dialog not closing after accepting a bunker request
- Show name and npub when showing your account
- Add a select/deselect all option in the permissions screen when connecting a new app
- Show a invalid request screen when receiving a invalid request
- Preview missing translation report before sending it
- Add a rate limiting for intents based on app/type/event kind (rate limiting only applies to apps that don't implement sending multiple requests at once)
- Some optimizations when accepting/rejecting intent requests
- Added a stop service in the notification, this force closes the app and you have to manually open it again before using bunker applications
- Added a option to disable the service start on boot
- Only start the profile subscription for the current account
- Always return hex key when logging in to an app to comply with nip 55
- Added a close button in the empty requests screen
- Added loading state to the report screens
- Support for beta releases for the auto updater
- Add a reset button for bunkers
- Fix a connection issue when connecting to a new bunker by @Alex Gleason
- Fix app starting on boot when not enabled
- Support for sign psbt method
- Fix relay auth whitelist when the relay contains port number
- Change selectable options to be a bottom sheet
- Added more options to the automatically sign this for
- Add an encrypted applications backup that can be restored on a new device

Download it with [Zapstore](https://zapstore.dev/apps/com.greenart7c3.nostrsigner), [Obtainium](https://github.com/ImranR98/Obtainium), [f-droid](https://f-droid.org/packages/com.greenart7c3.nostrsigner) or download it directly in the [releases page](https://github.com/greenart7c3/Amber/releases/tag/v6.1.0)

If you like my work consider making a [donation](https://greenart7c3.com)

## Verifying the release

In order to verify the release, you'll need to have `gpg` or `gpg2` installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

``` bash
gpg --keyserver hkps://keys.openpgp.org --recv-keys 44F0AAEB77F373747E3D5444885822EED3A26A6D
```

Once you have his PGP key you can verify the release (assuming `manifest-v6.1.0.txt` and `manifest-v6.1.0.txt.sig` are in the current directory) with:

``` bash
gpg --verify manifest-v6.1.0.txt.sig manifest-v6.1.0.txt
```

You should see the following if the verification was successful:

``` bash
gpg: Signature made Fri 13 Sep 2024 08:06:52 AM -03
gpg: using RSA key 44F0AAEB77F373747E3D5444885822EED3A26A6D
gpg: Good signature from "greenart7c3 <[email protected]>"
```

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

``` bash
cat manifest-v6.1.0.txt
```

One can use the `shasum -a 256 <file name here>` tool in order to re-compute the `sha256` hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
38❤️9🔥3💜2🤙2💙1🚀1
murmur · 7w
Audio version available if the thread wants it — 500 sats from one or many, and everyone gets to listen.
B¥® 0xBEEF · 7w
I think a list of buttons was more practical for the 'Action' and 'Automatically Sign This For' fields. What do others think?" 🤔
Amber profile picture
## Amber 6.1.0-pre3

- Better layout when connecting a new app
- Fix some reported crashes
- Fix signer dialog not closing after accepting a bunker request
- Show name and npub when showing your account
- Add a select/deselect all option in the permissions screen when connecting a new app
- Show a invalid request screen when receiving a invalid request
- Preview missing translation report before sending it
- Add a rate limiting for intents based on app/type/event kind (rate limiting only applies to apps that don't implement sending multiple requests at once)
- Some optimizations when accepting/rejecting intent requests
- Added a stop service in the notification, this force closes the app and you have to manually open it again before using bunker applications
- Added a option to disable the service start on boot
- Only start the profile subscription for the current account
- Always return hex key when logging in to an app to comply with nip 55
- Added a close button in the empty requests screen
- Added loading state to the report screens
- Support for beta releases for the auto updater
- Add a reset button for bunkers
- Fix a connection issue when connecting to a new bunker by @Alex Gleason
- Fix app starting on boot when not enabled
- Support for sign psbt method
- Fix relay auth whitelist when the relay contains port number
- Change selectable options to be a bottom sheet
- Added more options to the automatically sign this for

Download it with [Zapstore](https://zapstore.dev/apps/com.greenart7c3.nostrsigner), [Obtainium](https://github.com/ImranR98/Obtainium), [f-droid](https://f-droid.org/packages/com.greenart7c3.nostrsigner) or download it directly in the [releases page](https://github.com/greenart7c3/Amber/releases/tag/v6.1.0-pre3)

If you like my work consider making a [donation](https://greenart7c3.com)

## Verifying the release

In order to verify the release, you'll need to have `gpg` or `gpg2` installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

``` bash
gpg --keyserver hkps://keys.openpgp.org --recv-keys 44F0AAEB77F373747E3D5444885822EED3A26A6D
```

Once you have his PGP key you can verify the release (assuming `manifest-v6.1.0-pre3.txt` and `manifest-v6.1.0-pre3.txt.sig` are in the current directory) with:

``` bash
gpg --verify manifest-v6.1.0-pre3.txt.sig manifest-v6.1.0-pre3.txt
```

You should see the following if the verification was successful:

``` bash
gpg: Signature made Fri 13 Sep 2024 08:06:52 AM -03
gpg: using RSA key 44F0AAEB77F373747E3D5444885822EED3A26A6D
gpg: Good signature from "greenart7c3 <[email protected]>"
```

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

``` bash
cat manifest-v6.1.0-pre3.txt
```

One can use the `shasum -a 256 <file name here>` tool in order to re-compute the `sha256` hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
1❤️2♥️1🚀1🤙1
Amber profile picture
## Amber 6.1.0-pre2

- Better layout when connecting a new app
- Fix some reported crashes
- Fix signer dialog not closing after accepting a bunker request
- Show name and npub when showing your account
- Add a select/deselect all option in the permissions screen when connecting a new app
- Show a invalid request screen when receiving a invalid request
- Preview missing translation report before sending it
- Add a rate limiting for intents based on app/type/event kind (rate limiting only applies to apps that don't implement sending multiple requests at once)
- Some optimizations when accepting/rejecting intent requests
- Added a stop service in the notification, this force closes the app and you have to manually open it again before using bunker applications
- Added a option to disable the service start on boot
- Only start the profile subscription for the current account
- Always return hex key when logging in to an app to comply with nip 55
- Added a close button in the empty requests screen
- Added loading state to the report screens
- Support for beta releases for the auto updater
- Add a reset button for bunkers
- Fix a connection issue when connecting to a new bunker by @Alex Gleason
- Fix app starting on boot when not enabled

Download it with [Zapstore](https://zapstore.dev/apps/com.greenart7c3.nostrsigner), [Obtainium](https://github.com/ImranR98/Obtainium), [f-droid](https://f-droid.org/packages/com.greenart7c3.nostrsigner) or download it directly in the [releases page](https://github.com/greenart7c3/Amber/releases/tag/v6.1.0-pre2)

If you like my work consider making a [donation](https://greenart7c3.com)

## Verifying the release

In order to verify the release, you'll need to have `gpg` or `gpg2` installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

``` bash
gpg --keyserver hkps://keys.openpgp.org --recv-keys 44F0AAEB77F373747E3D5444885822EED3A26A6D
```

Once you have his PGP key you can verify the release (assuming `manifest-v6.1.0-pre2.txt` and `manifest-v6.1.0-pre2.txt.sig` are in the current directory) with:

``` bash
gpg --verify manifest-v6.1.0-pre2.txt.sig manifest-v6.1.0-pre2.txt
```

You should see the following if the verification was successful:

``` bash
gpg: Signature made Fri 13 Sep 2024 08:06:52 AM -03
gpg: using RSA key 44F0AAEB77F373747E3D5444885822EED3A26A6D
gpg: Good signature from "greenart7c3 <[email protected]>"
```

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

``` bash
cat manifest-v6.1.0-pre2.txt
```

One can use the `shasum -a 256 <file name here>` tool in order to re-compute the `sha256` hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
❤️1👀1
Amber profile picture
## Amber 6.1.0-pre1

- Better layout when connecting a new app
- Fix some reported crashes
- Fix signer dialog not closing after accepting a bunker request
- Show name and npub when showing your account
- Add a select/deselect all option in the permissions screen when connecting a new app
- Show a invalid request screen when receiving a invalid request
- Preview missing translation report before sending it
- Add a rate limiting for intents based on app/type/event kind (rate limiting only applies to apps that don't implement sending multiple requests at once)
- Some optimizations when accepting/rejecting intent requests
- Added a stop service in the notification, this force closes the app and you have to manually open it again before using bunker applications
- Added a option to disable the service start on boot
- Only start the profile subscription for the current account
- Always return hex key when logging in to an app to comply with nip 55

Download it with [Zapstore](https://zapstore.dev/apps/com.greenart7c3.nostrsigner), [Obtainium](https://github.com/ImranR98/Obtainium), [f-droid](https://f-droid.org/packages/com.greenart7c3.nostrsigner) or download it directly in the [releases page](https://github.com/greenart7c3/Amber/releases/tag/v6.1.0-pre1)

If you like my work consider making a [donation](https://greenart7c3.com)

## Verifying the release

In order to verify the release, you'll need to have `gpg` or `gpg2` installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

``` bash
gpg --keyserver hkps://keys.openpgp.org --recv-keys 44F0AAEB77F373747E3D5444885822EED3A26A6D
```

Once you have his PGP key you can verify the release (assuming `manifest-v6.1.0-pre1.txt` and `manifest-v6.1.0-pre1.txt.sig` are in the current directory) with:

``` bash
gpg --verify manifest-v6.1.0-pre1.txt.sig manifest-v6.1.0-pre1.txt
```

You should see the following if the verification was successful:

``` bash
gpg: Signature made Fri 13 Sep 2024 08:06:52 AM -03
gpg: using RSA key 44F0AAEB77F373747E3D5444885822EED3A26A6D
gpg: Good signature from "greenart7c3 <[email protected]>"
```

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

``` bash
cat manifest-v6.1.0-pre1.txt
```

One can use the `shasum -a 256 <file name here>` tool in order to re-compute the `sha256` hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
2❤️2
Amber profile picture
## Amber 6.0.3

- Fix racing condition when receiving intents
- Upgrade gradle and agp
- Add account index option when using seed words
- Fix relay reconnection on startup if the relay is offline
- Add missing periodic worker for app updates
- Check for empty request ids when receiving intents

Download it with [Zapstore](https://zapstore.dev/apps/com.greenart7c3.nostrsigner), [Obtainium](https://github.com/ImranR98/Obtainium), [f-droid](https://f-droid.org/packages/com.greenart7c3.nostrsigner) or download it directly in the [releases page](https://github.com/greenart7c3/Amber/releases/tag/v6.0.3)

If you like my work consider making a [donation](https://greenart7c3.com)

## Verifying the release

In order to verify the release, you'll need to have `gpg` or `gpg2` installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

``` bash
gpg --keyserver hkps://keys.openpgp.org --recv-keys 44F0AAEB77F373747E3D5444885822EED3A26A6D
```

Once you have his PGP key you can verify the release (assuming `manifest-v6.0.3.txt` and `manifest-v6.0.3.txt.sig` are in the current directory) with:

``` bash
gpg --verify manifest-v6.0.3.txt.sig manifest-v6.0.3.txt
```

You should see the following if the verification was successful:

``` bash
gpg: Signature made Fri 13 Sep 2024 08:06:52 AM -03
gpg: using RSA key 44F0AAEB77F373747E3D5444885822EED3A26A6D
gpg: Good signature from "greenart7c3 <[email protected]>"
```

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

``` bash
cat manifest-v6.0.3.txt
```

One can use the `shasum -a 256 <file name here>` tool in order to re-compute the `sha256` hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
21❤️2🤙2❤️1
Arándano · 13w
I do not find it in @zapstore yet
Amber profile picture
## Amber 6.0.2

- Fix racing condition when receiving intents
- Upgrade gradle and agp
- Add account index option when using seed words
- Fix relay reconnection on startup if the relay is offline
- Add missing periodic worker for app updates

Download it with [Zapstore](https://zapstore.dev/apps/com.greenart7c3.nostrsigner), [Obtainium](https://github.com/ImranR98/Obtainium), [f-droid](https://f-droid.org/packages/com.greenart7c3.nostrsigner) or download it directly in the [releases page](https://github.com/greenart7c3/Amber/releases/tag/v6.0.2)

If you like my work consider making a [donation](https://greenart7c3.com)

## Verifying the release

In order to verify the release, you'll need to have `gpg` or `gpg2` installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

``` bash
gpg --keyserver hkps://keys.openpgp.org --recv-keys 44F0AAEB77F373747E3D5444885822EED3A26A6D
```

Once you have his PGP key you can verify the release (assuming `manifest-v6.0.2.txt` and `manifest-v6.0.2.txt.sig` are in the current directory) with:

``` bash
gpg --verify manifest-v6.0.2.txt.sig manifest-v6.0.2.txt
```

You should see the following if the verification was successful:

``` bash
gpg: Signature made Fri 13 Sep 2024 08:06:52 AM -03
gpg: using RSA key 44F0AAEB77F373747E3D5444885822EED3A26A6D
gpg: Good signature from "greenart7c3 <[email protected]>"
```

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

``` bash
cat manifest-v6.0.2.txt
```

One can use the `shasum -a 256 <file name here>` tool in order to re-compute the `sha256` hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Amber profile picture
## Amber 6.0.1

- Fix missing event validation when checking for app updates and profile events
- Fix racing condition when receiving intents
- Fix subscriptions never closing when removing an app
- Remove richtext dependency
- Update Quartz library to 1.08.0
- Add two new backup options, webdav and share to google drive
- Implement exponential backoff for relay reconnections

Download it with [Zapstore](https://zapstore.dev/apps/com.greenart7c3.nostrsigner), [Obtainium](https://github.com/ImranR98/Obtainium), [f-droid](https://f-droid.org/packages/com.greenart7c3.nostrsigner) or download it directly in the [releases page](https://github.com/greenart7c3/Amber/releases/tag/v6.0.1)

If you like my work consider making a [donation](https://greenart7c3.com)

## Verifying the release

In order to verify the release, you'll need to have `gpg` or `gpg2` installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

``` bash
gpg --keyserver hkps://keys.openpgp.org --recv-keys 44F0AAEB77F373747E3D5444885822EED3A26A6D
```

Once you have his PGP key you can verify the release (assuming `manifest-v6.0.1.txt` and `manifest-v6.0.1.txt.sig` are in the current directory) with:

``` bash
gpg --verify manifest-v6.0.1.txt.sig manifest-v6.0.1.txt
```

You should see the following if the verification was successful:

``` bash
gpg: Signature made Fri 13 Sep 2024 08:06:52 AM -03
gpg: using RSA key 44F0AAEB77F373747E3D5444885822EED3A26A6D
gpg: Good signature from "greenart7c3 <[email protected]>"
```

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

``` bash
cat manifest-v6.0.1.txt
```

One can use the `shasum -a 256 <file name here>` tool in order to re-compute the `sha256` hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
1❤️2