Question: How do this gpg import process work? (gpg --import key.asc vs the above referenced ubuntu server way?) Where does this information get downloaded from in bother manners? My biggest focus is security - would it be best to do "gpg --import WladimirvanderLaankey.acs? (if so, where do i find the correct spelling?)
The first way (
gpg --import key.asc) imports an already downloaded key (which is on your hard drive now) into the pgp database.
The second command (gpg --recv-keys XXXXX) pulls the key with the ID XXXXX from the keyserver you have specified with
--keyserver or from the default one of your distro.
It doesn't really matter which way you choose, both have its pros and cons.
You just need to make sure that the source of your information is correct. This means if you download an .asc file, make sure you download it from the correct site.
And if you import it from a keyserver, makesure the ID you are using is coming from the correct source/website.
oh, ok - thank you for clarifying. Just to confirm, I found 2 signing keys in goatpig's PublicKey section on github (goatpig-signing-key.asc and laanwj-releases.asc). I know goatpigs is what I need for armory, but is that the correct key for Wladimir van der Laan for bitcoin core? (I couldn't find it on laanwj's github).
Thanks so much, gpg is bit confusing - really appreciate this support.