Now I want to verify at least one developer's signature. I have kleopatra.exe ready and I can either search a keyserver or I can import a file.
For noobs the github page is "overload" and there are no steps or explanations.
What's you OS, I assume Windows since you mentioned that in your other thread.
Okay so for manual import; go to Bitcoin-Core's repo for the builder keys, here:
https://github.com/bitcoin-core/guix.sigs/tree/main/builder-keysDownload your selected developer's gpg key (
Click a 'name.gpg' file->'download raw file' icon), it will be saved as "
name.gpg".
To import:
- Open Kleopatra and double-click the GPG file that you've downloaded and it will be imported automatically.
- Go to Kleoparta's "Certificates" list, right-click on the just-imported key (actual name may be different from the file name), then select "Certify...".
- In the 'Certify Certificate' window, click "Certify" once you fully checked if the information in the certificate are true.
Then to verify: double-click "
SHA256SUMS.asc" to automatically verify "
SHA256SUMS" file.
With Kleopatra, it should work automatically if both files are in the same directory/folder and having the same file name.
Note: if "
.asc" and "
.gpg" files aren't associated with Kleopatra, double-click wont do anything until you select Kleopatra.
If so, tick "
Always use this app to open .asc files" once you select "
Kleopatra" as the associated app.