Armory 0.96.5 - page 2. | Bitcointalksearch.org

BitMaxz

legendary

Activity: 3500

Merit: 3249

Happy New year 🤗

Quote from: nc50lc on June 01, 2022, 10:24:17 PM

That's because "sha256sum.txt.asc" isn't the signature for the binaries.
It already contains both the signature of the message and the SHA256sum of each binaries (as signed message).

You verify the signed hash file via gpg --verify sha256sum.txt.asc to see if it's legit.
After passing verification, open it using your notepad or text editor, then compare the SHA256sum of the binaries to the listed SHA256 hashes.

That's the only thing that works for me the result is below.

Code:

C:\Users\Admin\Downloads\Programs\New folder>gpg --verify sha256sum.txt.asc
gpg: Signature made 24/12/2018 4:16:07 pm Malay Peninsula Standard Time
gpg:                using RSA key 8C5211764922589A
gpg: Good signature from "goatpig (Offline signing key for Armory releases) " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 745D 707F BA53 968B DF63  AA8D 8C52 1176 4922 589A
gpg: WARNING: not a detached signature; file 'sha256sum.txt' was NOT verified!

I just trying to include the installer when verifying but it didn't work except on verifying only the sha256sum.txt.asc
So to make sure it's genuine I manually created the checksums with GpgEX and check the hash inside with the notepad and compared it to sha256sum.txt.asc the hash are the same so it's guinuine as I said on my previous suggestion above.

nc50lc

legendary

Activity: 2646

Merit: 6681

Self-proclaimed Genius

Quote from: BitMaxz on June 01, 2022, 05:54:03 PM

I did try to verify it through command prompt as the administrator but it fails after verifying the installer with the signature even if I use the sha256sum.txt.asc or the above keys.
-snip-

That's because "sha256sum.txt.asc" isn't the signature for the binaries.
It already contains both the signature of the message and the SHA256sum of each binaries (as signed message).

You verify the signed hash file via gpg --verify sha256sum.txt.asc to see if it's legit.
After passing verification, open it using your notepad or text editor, then compare the SHA256sum of the binaries to the listed SHA256 hashes.

BitMaxz

legendary

Activity: 3500

Merit: 3249

Happy New year 🤗

I did try to verify it through command prompt as the administrator but it fails after verifying the installer with the signature even if I use the sha256sum.txt.asc or the above keys.

I also got this below I tried to verify it with the sha256sum.txt.asc from releases but got this error below

Code:

C:\Users\~snip~\Downloads\Programs\New folder>gpg --verify sha256sum.txt.asc armory_0.96.5_win64.exe
gpg: not a detached signature

edit:
Since the error above gpg not a detached signature I tried to edit the sha256sum.txt.asc and remove the hashes or the whole PGP signed message and save only the PGP signature and this is the result below.

Code:

C:\Users\Test1\Downloads\Programs\New folder>gpg --recv-keys --keyserver keyserver.ubuntu.com 4922589A
gpg: key 8C5211764922589A: "goatpig (Offline signing key for Armory releases) " not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

C:\Users\Test1\Downloads\Programs\New folder>gpg --verify sha256sumsignature.txt.asc armory_0.96.5_win64.exe
gpg: Signature made 24/12/2018 4:16:07 pm Malay Peninsula Standard Time
gpg:                using RSA key 8C5211764922589A
gpg: BAD signature from "goatpig (Offline signing key for Armory releases) " [unknown]

goatpig

legendary

Activity: 3794

Merit: 1375

Armory Developer

Code:

pub   rsa4096 2015-11-22 [SC]
      745D 707F BA53 968B DF63  AA8D 8C52 1176 4922 589A
uid           [ unknown] goatpig (Offline signing key for Armory releases)

This is my offline signing key's fingerprint. The short hand fingerprints you are finding either show the last 2 or the last 4 hexit packets of the full fingerprint

Code:

This is the key itself, with some sigs added

nc50lc

legendary

Activity: 2646

Merit: 6681

Self-proclaimed Genius

Quote from: AM0751 on May 31, 2022, 02:11:49 PM

I downloaded the version of Kleopatra that is in the tutorial on http://www.bitcoinarmory.com/tutorials/armory-basics/verify-download/

I adjust the settings, and then I input the signing key 4922589a
It tells me I seem to be looking for a fingerprint or key-id. And to add a prefix if my search does not yield any results.
Both options give me zero results.

In my previous reply, I also mentioned that Kleopatra yields zero result at my end.
Instead, I manually imported the one suggested in the tutorial but added "&op=index" at the end of the link for the link to work.

So, instead of keyserver.ubuntu.com/pks/lookup?search=goatpig, it should be: keyserver.ubuntu.com/pks/lookup?search=goatpig&op=index
Then, click on "8c5211764922589a", copy everything on the page from "-----BEGIN PGP PUBLIC KEY BLOCK-----" to "-----END PGP PUBLIC KEY BLOCK-----".

Open Kleopatra, click on "Notepad", paste the text there and click "Import Notepad".
After that, certify that the one you're importing is correct; e.g.: ask goatpig himself if the fingerprint (below) is correct.
Lastly, tick the checkboxes and finish the rest of the process.

goatpig

legendary

Activity: 3794

Merit: 1375

Armory Developer

You should really use GPG from the terminal instead of a GUI solution. The signature process for Armory is the same as Core: save the sha256sum for each package to a text file, then sign that file. Therefor to verify the package, you have to do things:

- Check the packages sha256sum matches the one in the hash file (for the same name). This is as simple as running `sha256sum *package filename*` in the terminal/powershell and comparing with the entry in the hash file for the same file name.

- Check the signature on the hash file is valid. For you can run `gpg verify *hash filename*`. If you have public key in your keystore, it should tell you the sig is valid.

BitMaxz

legendary

Activity: 3500

Merit: 3249

Happy New year 🤗

Quote from: AM0751 on May 31, 2022, 02:11:49 PM

Hi all,

Thanks for the help so far, but I must be incredibly dumb.
I can’t get it to work, and I can’t move forward and copy this install file on my airgapped computer without me knowing it is 100% legit.

I downloaded the version of Kleopatra that is in the tutorial on http://www.bitcoinarmory.com/tutorials/armory-basics/verify-download/

I adjust the settings, and then I input the signing key 4922589a
It tells me I seem to be looking for a fingerprint or key-id. And to add a prefix if my search does not yield any results.
Both options give me zero results.

I have no idea what I am doing wrong. Any help would be much appreciated.

Thanks in advance.

I also tried to verify it with Kleopatra it seems it didn't work.

Anyway, have you checked the last part of the video from that guide you can verify if the software is genuine by creating checksums it will generate a new file with the name sha256sum.txt open it with notepad.

Now download the sha256sum.txt.asc from the link posted by goatpig above and open it again with a notepad it should show the list of hash and the pgp signature under the Signed message or Sha256 hash check the installer hash and compare it with the hash that you created recently under sha256sum.txt.
It should be the same if not then the installer you download is fake or clone.

AM0751

newbie

Activity: 3

Merit: 0

Hi all,

Thanks for the help so far, but I must be incredibly dumb.
I can’t get it to work, and I can’t move forward and copy this install file on my airgapped computer without me knowing it is 100% legit.

I downloaded the version of Kleopatra that is in the tutorial on http://www.bitcoinarmory.com/tutorials/armory-basics/verify-download/

I adjust the settings, and then I input the signing key 4922589a
It tells me I seem to be looking for a fingerprint or key-id. And to add a prefix if my search does not yield any results.
Both options give me zero results.

I have no idea what I am doing wrong. Any help would be much appreciated.

Thanks in advance.

goatpig

legendary

Activity: 3794

Merit: 1375

Armory Developer

https://github.com/goatpig/BitcoinArmory/releases

Github release page has the sig files as well.

nc50lc

legendary

Activity: 2646

Merit: 6681

Self-proclaimed Genius

Quote from: AM0751 on May 13, 2022, 04:51:36 PM

Question: how do I check the integrity of the Armory 0.96.5 download on my computer?

I can't seem to get a result with Kleopatra's server lookup either.
In the latest version of the website (btcarmory.com/docs/verify), the link to the signing key seems dead, to make it work, just add &op=index at the end of the link's url.
Then import goatpig's signing key from the result: 8c5211764922589a

Then do the rest of the tutorial.

AM0751

newbie

Activity: 3

Merit: 0

Hi all,

I downloaded armory 0.96.5. I wanted to check the integrity of the downloaded file, but for that I need to use GPG4win.
The instruction video to check the integrity of the download on the armory website is from 2014 I believe.
It says I need an offline signing key. I believe that is 4922589A. However, if I input that into GPG4win it doesn’t find anything. So I am stuck, not even mentioning the fact that this method might be completely outdated.

Question: how do I check the integrity of the Armory 0.96.5 download on my computer?
Thanks in advance.

goatpig

legendary

Activity: 3794

Merit: 1375

Armory Developer

0.96.5 won't be able to spend to native taproot addresses. I'm working to add full support for that address format among other things.

Ethorsen

newbie

Activity: 16

Merit: 1

Hi guys,

Is there any foreseeable problems with usage of Armory 0.96.5 and the incoming Taproot soft-fork?

Thx

nc50lc

legendary

Activity: 2646

Merit: 6681

Self-proclaimed Genius

Quote from: RoadStress on October 01, 2021, 03:13:57 PM

-snip- And just for further info: Is any bitcoin core client able to send to a bc1 address?

Almost all "Bitcoin clients" including Armory can now send to bech32 addresses, only those that aren't maintained or oppose the soft-fork can't.
You can customize this list: https://bitcoin.org/en/choose-your-wallet?step=5&platform=linux (link set to linux);
then click a wallet name to see if it has "✓SEGWIT" which means it supports SegWit; additionally, "✓BECH32" if it can generate bc1 addresses.

goatpig

legendary

Activity: 3794

Merit: 1375

Armory Developer

You can send to bech32 addresses (bc1) in 0.96.5. What you cannot do is generate these addresses from Armory wallets.

BitMaxz

legendary

Activity: 3500

Merit: 3249

Happy New year 🤗

Quote from: RoadStress on October 01, 2021, 03:13:57 PM

A bit offtopic question, but I don't know where to ask. Can I send BTC to a native SegWit bc1 address using Armory 0.96.5 + Core 0.19.1? And just for further info: Is any bitcoin core client able to send to a bc1 address?
Thanks!

It seems the current latest version of the armory doesn't support it yet but it might support on their armory 0.97 they don't release it yet.

Read this part

Quote

Break backwards compatibility for unsigned transactions carrying bech32 outputs. Older versions cannot make sense of bech32 addresses, therefore they shouldn’t be able to sign the transaction at all.
Fixed

Look at their release note here https://btcarmory.com/0.96.5-release/

Armory does not fully support bech32 but they support segwit address that starts with 3 or with script type: p2sh-p2wpkh

If you want a wallet that fully supports segwit I would suggest you check Electrum wallet or wait for a new armory release.

RoadStress

legendary

Activity: 1904

Merit: 1007

A bit offtopic question, but I don't know where to ask. Can I send BTC to a native SegWit bc1 address using Armory 0.96.5 + Core 0.19.1? And just for further info: Is any bitcoin core client able to send to a bc1 address?
Thanks!

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

One annoying detail as a result of goatpig's Armory forking from etothepi's version is that the new, forked Armory can't be searched on Github because it has less stars (401) than the parent repo (677). This causes Github not to index the fork and as a result you can only search for code & issues on the old outdated parent.

[I could just clone it and search offline but it's not as good as on Github]

It was inconvenient to the point where I cloned and uploaded my own copy just to enable this feature, though I apparently pushed a really out of date version from 2018.

So if you're reading this and you have etithepi's repo starred, unstar it, and star goatpig's Armory I guess, so that Github will finally index it for searching.

HCP

legendary

Activity: 2086

Merit: 4363

Quote from: jnagyjr on June 19, 2021, 07:39:34 PM

Will this new version recognize more than 447,219 blocks?

The current version (0.96.5) works perfectly fine and syncs all the way up to the current block height:

If you are having issues with Armory 0.96.5 and it is only syncing up to 447219, then there is something wrong with your setup... either Bitcoin Core hasn't actually synced past that block (out of diskspace etc) so the data isn't available for Armory to scan or it could be that you have corrupted blockchain data and it is causing Armory to crash.

If you'd like assistance getting your Armory synced up properly, then I would suggest that you start a new thread, describe your issue as best as you can and make sure that you post your armory logs (ie. armorylog.txt and dblog.txt) to https://pastebin.com/ and copy/paste the generated pastebin links in your thread.

jnagyjr

member

Activity: 100

Merit: 10