Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Technical Support
Re: Signature Verification of Core: Specific Questions
by
Noob_Is_Relative
on 16/08/2024, 13:06:34 UTC
Quote from: nc50lc on Today at 03:59:10 AM
Quote from: Noob_Is_Relative on Today at 02:12:04 AM
Quote from: nc50lc on August 15, 2024, 07:03:32 AM
-snip-
When I right click on that and Open with Kleo. I get from Kleo a window that says that SHA256SUMS has been verified with SHA256SUMS.asc and then I get a list of 10 signatures that could not be verified and the ability to import each of them from the key.
That's how the process should be.
You verified that the "SHA256SUMS" file containing the hashes of Bitcoin Core binaries is legit by doing that.
So you can be certain that the hash that you're comparing to is correct.

For the 10 other signatures (you mean certificates? the signature is the .asc file.),
It's because you haven't imported and certified the other signing keys from the repo where you've downloaded "davidgumberg.gpg".

Quote from: Noob_Is_Relative
But what happened to davidgumberg.gpg that I'm trying to verify? It seems like I'm dealing with apples and oranges and here I'm stuck.
That's a "PGP public key" and it's not the one that you're verifying.
You've imported that to Kleopatra to make sure that the signature in the file "SHA256SUMS.asc" that is used to verify "SHA256SUMS" file is signed with it.

Thanks to your help, I'm better off than I thought, and I can now do my upgrade. Thanks again for sticking with me until I reached a solution.