How to obtain the latest database and how to build/sign a custom database

[VeitchKyrie]

Summary
I’d like to load the latest Hypatia database into the app and also understand how to generate my own database from hash lists (e.g., ClamAV hdb or CSV).
I couldn’t find a single end-to-end document covering: where to get the latest database, which files are required, how signature verification works, and how to build/sign a custom database.

What I tried
Downloaded the database files (md5/sha1/sha256 Bloom bins and .sig files, plus gpg.key).
Placed them under the app’s private directory: /data/user/0//files/signatures (using adb push to /sdcard then adb shell run-as to copy into place).
On load, the app fails GPG verification. Log excerpt:
- readPublicKey: No match found, have key: 5298C0C0C3E73288
- readPublicKey: No match found, have key: 1A0BDAEA047BCBC8
- java.lang.IllegalArgumentException: Can't find encryption key in key ring.
I noticed SIGNING_KEY_DEFAULT = BADFCABDDBF5B694 in the code. I assume this is the default signing key ID, but I’m not sure where to obtain the corresponding armored public key and its full fingerprint.

[Inhishonor]

@VeitchKyrie

I’d like to load the latest Hypatia database into the app

Just hit Update Databases and everything should be done automatically.

I couldn’t find a single end-to-end document covering: where to get the latest database, which files are required, how signature verification works, and how to build/sign a custom database.

Unfortunately, we don't have such a document, as the process is still rather haphazard, and not even close to how we would like to eventually have it. You can take a look at https://github.com/MaintainTeam/HypatiaDatabases/blob/main/src/main/java/org/maintainteam/hypatiadatabases/App.java and https://github.com/MaintainTeam/HypatiaDatabases/blob/main/.github/workflows/generate_stable.yml to get an idea of how the database generation is done.

What I tried
Downloaded the database files (md5/sha1/sha256 Bloom bins and .sig files, plus gpg.key).
Placed them under the app’s private directory: /data/user/0//files/signatures (using adb push to /sdcard then adb shell run-as to copy into place).
On load, the app fails GPG verification. Log excerpt:

• readPublicKey: No match found, have key: 5298C0C0C3E73288
• readPublicKey: No match found, have key: 1A0BDAEA047BCBC8
• java.lang.IllegalArgumentException: Can't find encryption key in key ring.
  I noticed SIGNING_KEY_DEFAULT = BADFCABDDBF5B694 in the code. I assume this is the default signing key ID, but I’m not sure where to obtain the corresponding armored public key and its full fingerprint.

I can't comment on this right now, I haven't tried to manually load a database in a while. But also this needs to be documented as well. Let me figure out why this is happening.