Show menu

DNS verification

DNS verification ties every AppImage to a verified domain. Instead of relying on a central authority, APM uses DNS TXT records to establish trust between a developer’s domain and their signing key.

How it works

  1. The developer generates an Ed25519 key pair with apm keygen.
  2. The public key is published as a DNS TXT record on the _apm subdomain.
  3. When you install an AppImage, APM looks up the TXT record and verifies the signature.

If the signature doesn’t match, APM warns you that the AppImage’s origin cannot be verified.

DNS record format

_apm.yourdomain.com  TXT  "ed25519=<your-public-key-base64>"