The user may opt to verify the file they download using a signature for that file. In order to do so, user must execute.

The user can obtain OpenSSL directly from https://www.openssl.org/.  

Use the following command

openssl dgst -sha256 -verify <pub-key> -signature /tmp/sign.sha256 <file>

For Example:
openssl dgst -sha256 -verify codesigning-pubkey.pem -signature Android_AvayaWebRTCConnect-SDK_Signature.sha256 Android_AvayaWebRTCConnect-SDK_4.0.8.zip