Have I correctly verified Core?
I've done this following but am a bit out of my depth:
1. Downloaded and installed Kleopatra (GPG4WIN)
2. Imported Wladimir's ASC from Bitcoincore.org
3. Downloaded bitcoin-0.17.1-win64-setup.exe
4. Downloaded SHA256SUMS.ASC from Bitcoincore.org
5. Verified SHA256SUMS.ASC was created with Wladimir's certificate via Kleopatra (*See below)
6. Obtain SHA256 hash of bitcoin-0.17.1-win64-setup.exe (**see below)
7. Confirm the SHA256 hash matches the SHA256 hash in the SHA256SUMS.ASC file (***see below)
*Signature created on Tuesday, 25 December 2018 7:03:05 PM
With certificate:
Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com> (90C8 019E 36C2 E964)
The used key is not certified by you or any trusted person
**\Bitcoin>certUtil -hashfile bitcoin-0.17.1-win64-setup.exe SHA256
SHA256 hash of bitcoin-0.17.1-win64-setup.exe:
fa1e80c5e4ecc705549a8061e5e7e0aa6b2d26967f99681b5989d9bd938d8467
CertUtil: -hashfile command completed successfully.
***fa1e80c5e4ecc705549a8061e5e7e0aa6b2d26967f99681b5989d9bd938d8467 bitcoin-0.17.1-win64-setup.exe
As far as I can tell this is correct, but step 5 has me a bit unsure, mainly due to the following:
I am led to believe that this message is correct, and that 'The data could not be verified' is simply a result of me having not verified Wladimir's key via Kleopatra.
Does all of this look correct?
I've done this following but am a bit out of my depth:
1. Downloaded and installed Kleopatra (GPG4WIN)
2. Imported Wladimir's ASC from Bitcoincore.org
3. Downloaded bitcoin-0.17.1-win64-setup.exe
4. Downloaded SHA256SUMS.ASC from Bitcoincore.org
5. Verified SHA256SUMS.ASC was created with Wladimir's certificate via Kleopatra (*See below)
6. Obtain SHA256 hash of bitcoin-0.17.1-win64-setup.exe (**see below)
7. Confirm the SHA256 hash matches the SHA256 hash in the SHA256SUMS.ASC file (***see below)
*Signature created on Tuesday, 25 December 2018 7:03:05 PM
With certificate:
Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com> (90C8 019E 36C2 E964)
The used key is not certified by you or any trusted person
**\Bitcoin>certUtil -hashfile bitcoin-0.17.1-win64-setup.exe SHA256
SHA256 hash of bitcoin-0.17.1-win64-setup.exe:
fa1e80c5e4ecc705549a8061e5e7e0aa6b2d26967f99681b5989d9bd938d8467
CertUtil: -hashfile command completed successfully.
***fa1e80c5e4ecc705549a8061e5e7e0aa6b2d26967f99681b5989d9bd938d8467 bitcoin-0.17.1-win64-setup.exe
As far as I can tell this is correct, but step 5 has me a bit unsure, mainly due to the following:
I am led to believe that this message is correct, and that 'The data could not be verified' is simply a result of me having not verified Wladimir's key via Kleopatra.
Does all of this look correct?
Yes, you correctly verify BitcoinCore. The signature fingerprint and .exe hash are same with what i have, so most likely both of them are genuine.
Message on step 5 happen because you haven't sign keys with your PGP key or set trust of Wladimir's key to maximum. I don't use klepoatra, so i'm not sure which one is the reason