Thanks HI-TEC99
I have followed religiously your guide posted in the link, through cleopatra I get:
generate-wallet.html.sig: Signature is valid
Signed on 2016-02-23 15:53 with unknown certificate 0x761F7D53D11591274A170B839277AD7136E1D9B6.
but, I don't have certificate of Canton Becker (the maker of bitcoin paperwallet)
I only have trough his website these:
PGP Public Key ... (very long as you know
)
RSA Key ID: 36E1D9B6
Fingerprint: AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B
How can I connect this certificate to him?
I have followed religiously your guide posted in the link, through cleopatra I get:
generate-wallet.html.sig: Signature is valid
Signed on 2016-02-23 15:53 with unknown certificate 0x761F7D53D11591274A170B839277AD7136E1D9B6.
but, I don't have certificate of Canton Becker (the maker of bitcoin paperwallet)
I only have trough his website these: PGP Public Key ... (very long as you know
)RSA Key ID: 36E1D9B6
Fingerprint: AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B
How can I connect this certificate to him?
Ideally you should personally check in multiple places you trust that a signature really does belong to someone you trust. Often even experienced professionals skip that step and just use whatever is on a key server, but that's very risky. This quote sums up what you should do.
https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key
Quote
A "trusted signature" is a signature from a key that you trust, either because (a) you have personally verified that it belongs to the person to whom it claims to belong, or (b) because it has been signed by a key that you trust, possibly through a series of intermediate keys.
I found a reddit post containing that fingerprint by someone with the username cantonbecker. However, I don't know Canton Becker well enough to confirm if that really is his reddit account. You will have to google some more to find something you can double check with.
https://www.reddit.com/r/GnuPG/comments/1lsuih/am_i_pgpsigning_my_bitcoin_wallet_generator/ccfzj6e/
Quote
However I don't want to put my key fingerprint in the README file itself because the whole point of signing the document is discouraging people from trusting the download itself without double-checking...
As a start, I'll take your advice and post my fingerprint info here
AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC525F0650B16DF4B
As a start, I'll take your advice and post my fingerprint info here
AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC525F0650B16DF4B