---
title: "John Hancocks at the Ready: Signatures for All"
description: ""
canonical_url: "https://cloudsmith.com/changelog/john-hancocks-at-the-ready-signatures-for-all"
last_updated: "2021-04-01T08:00:00.000Z"
---
# John Hancocks at the Ready: Signatures for All

Cloudsmith has always performed signature and checksum validation at the core of the service - and today, we're introducing three awesome new ways to surface this information!

## User Interface

The package information page now includes a link to retrieve the raw GPG signature for a package, using all of the same authentication schemes we support for packages.

## Packages API

The package resource in the Cloudsmith API now provides a URL to retrieve the raw signature for a package and package file via the attribute **signature_url**.

## Raw Format Indexes / URLs

Last (but by no means least) - our raw format has been updated to provide signature URLs on both our HTML and JSON indexes (where enabled within your repository). You can also append **.asc** to any raw file URL to retrieve the package signature directly.

These changes (and more upcoming) aim to give more visibility into the provenance of your software.
