Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possibly bad key verification for 64-bit Debian GNU/Linux version #900

Closed
kxcrl opened this issue Aug 9, 2017 · 3 comments
Closed

Possibly bad key verification for 64-bit Debian GNU/Linux version #900

kxcrl opened this issue Aug 9, 2017 · 3 comments
Assignees
@ManfredKarrer

Comments

@kxcrl
Copy link

kxcrl commented Aug 9, 2017

Attempting to verify the 64-bit deb package resulted in the following:

➜  gpg --import F379A1C6.asc                                                      
gpg: key F379A1C6: public key "Manfred Karrer <manfred@bitsquare.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found

➜  gpg --digest-algo SHA256 --verify Bisq-64bit-0.5.3.deb.asc Bisq-64bit-0.5.3.deb
gpg: Signature made Mon 17 Jul 2017 04:09:04 AM CDT using RSA key ID F379A1C6
gpg: BAD signature from "Manfred Karrer <manfred@bitsquare.io>"

It's probably also worth noting that the provided key URL (https://bisq.io/pubkey/F379A1C6.asc) currently seems to 404

Is there something that I'm missing or an alternative methodology that you were expecting to be used for this?
cbeams added a commit to bisq-network/bisq-website that referenced this issue Aug 9, 2017
@cbeams
Revert "Remove unused pubkey dir (#1)"
465ed7e 
This reverts commit 6ac95d2.

See bisq-network/bisq#900
@cbeams
Copy link
Member

cbeams commented Aug 9, 2017

@kxcrl, with the commit referenced above, the key is now back in place. Thanks for the heads up.

Regarding the verification failure itself, I'll let @ManfredKarrer weigh in.

@ManfredKarrer
Copy link
Member

@kxcrl Maybe you have the old key which was expired. I uploaded the new key. If you use the one on Github it should be ok.

@kxcrl
Copy link
Author

kxcrl commented Aug 9, 2017

Wow, thanks so much for the rapid response @cbeams and @ManfredKarrer

Just freshly grabbed all three files again (key asc from the previous link, which works now) and it all looks good:

➜  gpg --import F379A1C6.asc                                                      
gpg: key F379A1C6: "Manfred Karrer <manfred@bitsquare.io>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

➜  gpg --digest-algo SHA256 --verify Bisq-64bit-0.5.3.deb.asc Bisq-64bit-0.5.3.deb
gpg: Signature made Mon 17 Jul 2017 04:09:04 AM CDT using RSA key ID F379A1C6
gpg: Good signature from "Manfred Karrer <manfred@bitsquare.io>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1DC3 C8C4 316A 698A C494  039C F5B8 4436 F379 A1C6

Thanks again!

@kxcrl kxcrl closed this as completed Aug 9, 2017
@cbeams cbeams mentioned this issue Sep 20, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ManfredKarrer ManfredKarrer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cbeams @ManfredKarrer @kxcrl