The user may opt to verify the file they download using a signature for that file. In order to do so, user must execute.

The user can obtain OpenSSL directly from https://www.openssl.org/.  

Use the following command

openssl dgst -sha256 -verify <pub-key> -signature /tmp/sign.sha256 <file>


For Example:
openssl dgst -sha256 -verify codesigning-pubkey.pem -signature Javascript_WebRTCConnectSDK_Signature.sha256 "Avaya WebRTC Connect SDK Release 4.0.9 for Javascript.zip"

Windows line endings warning
If a Windows customer saves codesigning-pubkey.pem and their OpenSSL is Cygwin-based or Linux-based, they may hit a CRLF issue. 
Worth adding a note: If you receive a "Could not read public key" error, convert the PEM file to Unix line endings before verifying.