Board: Electrum
Topic: Re: Problem verifying download's signature
Post by PrimeNumber7 on 29/08/2021, 13:10:07 UTC
Update:-snip-
This is a valid confirmation.

As it states, you have a "Good signature from Thomas Voegtlin." I can confirm that the key you have for him - 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 - matches the key I have for him. You can also verify this here: https://github.com/spesmilo/electrum/blob/master/pubkeys/ThomasV.asc. The reason it tells you "WARNING: This key is not certified with a trusted signature!" is simply because you have not signed ThomasV's key with your own key to tell GPG that you trust it. This is not necessary, but if you wish to do this, then the commands you are looking for are gpg --edit-key and trust. You can read how to do so here: https://www.gnupg.org/gph/en/manual/x334.html.
Technically it is not necessary to sign ThomasV's key, but it is a good practice to do so once you are confident you can trust the key. Some people have many keys on their keychain, and it is not outside of the realm of possibilities for someone to have an imposter key on their keychain. Signing keys you know you can trust means there is not the risk that someone later compromises your verification method(s), and if a key does not match what you have signed, it will set off a red flag.
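An added example, not part of the original post: a script that separates the two things the post distinguishes, by reading GnuPG's machine-readable status output. It checks that a valid signature came from the fingerprint quoted above and reports the trust status on its own. The sample status lines (timestamps included) are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Fingerprint quoted in the post above; spaces are removed before comparing.
EXPECTED_FPR="6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6"

# Constructed sample of `gpg --status-fd 1 --verify` output (timestamps invented).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 2BD5824B7F9470E6 Thomas Voegtlin
[GNUPG:] VALIDSIG 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 2021-08-01 1627800000 0 4 0 1 8 00 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
[GNUPG:] TRUST_UNDEFINED 0 pgp'

normalize_fpr() {  # strip spaces, force upper case
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# check_status EXPECTED_FPR < status-lines
# Succeeds only if some VALIDSIG line names EXPECTED_FPR as the primary key
# and no BADSIG line is present. Trust lines are deliberately ignored here.
check_status() {
    awk -v want="$(normalize_fpr "$1")" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" { fpr = (NF >= 12) ? $12 : $3
                           if (toupper(fpr) == want) ok = 1 }
        $2 == "BADSIG"   { bad = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }'
}

# trust_level < status-lines: prints the first TRUST_* status gpg reported
# (UNDEFINED is what accompanies the "not certified" warning).
trust_level() {
    awk '$1 == "[GNUPG:]" && $2 ~ /^TRUST_/ { sub(/^TRUST_/, "", $2); print $2; exit }'
}

# verify_file SIG FILE: run the real check (needs gpg and the signer's key imported).
verify_file() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$EXPECTED_FPR"
}

# Only runs when called with a signature file and the downloaded file.
if [ "$#" -eq 2 ]; then
    verify_file "$1" "$2" && echo "signed by expected key" || echo "NOT verified"
fi
```

Comparing the full fingerprint from the VALIDSIG line avoids relying on the name shown in the "Good signature from" message, which any key can carry.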