Bitcoincore 0.21.2 - SHA256SUMS.asc | Bitcointalksearch.org

harlequininja

jr. member

Activity: 46

Merit: 13

Cheers, that explains everything!

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

I had imported Wladimir's public key in the past, but it's now expired. Tried to verify SHA256SUMS.asc, it did have a good signature.

Code:

$ gpg --verify SHA256SUMS.asc
gpg: Signature made Wed 29 Sep 2021 08:26:46 AM EEST
gpg:                using RSA key 90C8019E36C2E964
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) " [expired]
gpg: Note: This key has expired!

I re-imported it, with the provided github link, and there wasn't a problem. That's the latest commit by laanwj:

Quote from: https://github.com/bitcoin-core/bitcoincore.org/commit/ca7a649c50ed244682b4e3b3237ec13d6a148640

Change the expiration to 2024. The key is no longer being used for new
releases, but letting it expire now would be inconvenient because there
may still be another 0.21.x release, and, people may still want to
verify older releases.

This should be enough for all releases signed with it to be EOL. After
that, it can be removed from the site completely.

I hope this does answer your last question.

harlequininja

jr. member

Activity: 46

Merit: 13

I copied the content

Code:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)

mQINBFWKlBcBEACgZJd/6LrSgNSVxiyq5N9h0E7zgSHG/ahuWAnWeFtxaxHeukH+
Q2Zq6F8FLbq40PphyroRylMBpzPBcyxjee7mDj1DpJ9ayv6GGPTyQzOImhChEV8p
bA42dvXnB5ju0rPh2GxctbiZZD1kiPH4jlmDIgomvupAj9OFntA5jfkuSFBekZrw
QyZowz/paMBIe24YH2LyaZjC2DqLy8Znh78OfAZxZsWSdZxK5LsbkCE9l8Li3gQa
rxm4aEMBHhvns+s8Ufa47sdJAYAfVnAWb5Dfe4oVFh70PvB8GSGFS9qeib0eEQBD
71c9MN+REDTSOYO2VnUSFbu7IrKsPsClqwfT9KzI/uz5fpHSKdCp5AO7oDZiU36s
LsSOBbukTmFQfVrAniFEZxHLCBufXCsAwp07xtUH9ytbW0Y/eHYlZojoWJJPT//1
cQ/A2Ix/nxbSkSPq8wpCUhBxvTQoU9BXeQIbSy0yUmj5nS+3DR7IK2Q7ACyVClr7
LVQOGxgZhHr9Kq87RDqc1wlvbCxb+KTJQhJySpOVoiaME6jLBzgE7G+5N6IXTK5u
OriOsQwcLdeBu7TPgft79uBYnmYeaNVdovlBB//7H7UvY0kAxAg4NPgK6eYRdzn+
8ZtbntNXi/23RJvzeZJVBqQ7bYt4fjmHmRYrbM4jWKJEoJOE6wzpmELUowARAQAB
tFVXbGFkaW1pciBKLiB2YW4gZGVyIExhYW4gKEJpdGNvaW4gQ29yZSBiaW5hcnkg
cmVsZWFzZSBzaWduaW5nIGtleSkgPGxhYW53akBnbWFpbC5jb20+iQI+BBMBAgAo
AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCXGF5iQUJDHp/6QAKCRCQyAGe
NsLpZNgmD/9TyCBc6mTA00DKi1PEukIyMQMDKTfAU91bpqPSZXwxFCoYnpjP5qie
RgY93g8mXIG+QcNaOYode0G1LIRBx507XKKXg9BkQpg56ms0vnmIW/N1smMkBvDn
V/m1VBHH42jybDDyrdtIPqoJ2aZpu5Eb6SQOV0XVa74xKh9K7OS0ZKndMwJ5X24L
2VrfeUGiJrCADRbggxhPl218f9uNWh11dpIn2gsU6QcANvuy2VcXRfD0ZMzSA1Qh
GfVii9G1+XUQ7xUi6qes9xEVaGLvLawdHKJDgIBt8pfAYtoX0sz+53vRG+kJNtH4
bKiNWwrWSj5ERErGCvzfGuGgHo8ls4N8+KH3dx3A+xTrFMIqPacN8vwdU6rltQ+s
WUHTB2wBbABtHomx/+QTs6RPoFr4pqkZ3QTigGmGOOuimmGmMkBG52Ww7nvE+9ak
qLeHdfBSz+P6PWVS8+tIndm23EucMilehe4ODyBQTiPoqDGH5lt6J0zA2nbk0Eqq
yeDsuQ584bbNbPzX6j840lWEJ/Er1Rv+JDlzc8tLtUmeQ/xmkuun+7w113IRJSwy
/XmhwfzjC3AxCXCG0v0eEHuRHLwMKQuwC4JqBI1ljGOixO0GF+WIfQc6eZTHVTpk
rTbO0OArz4g4cgCE6bIsL+LrkndFgtXC3WPqaDu0ypEUiuUbYtKFgYkCPQQTAQoA
JwIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCYgPVVwUJEDuoMQAKCRCQyAGe
NsLpZGXPD/9v1iWA4nIYFvE2ZVtWedaKW1yD1FIP92P/8udvz5npaWS+XjL9B2GJ
12IKLHZcEAxmxpnYNBe+mWm3wTqAXhyurR+suS26YF3sRbnau8gpqwKpMtlflzd/
Sc59eGGRolpsO12u7kKrPnozRtpcYGMwuRNu+7AypqnxMcCfYz5dH/SADcMRoM/i
7CmqYEmBInJ20nM1Dq6604JA70CGdRLB73U+27AwG8F+v4BttDDgc1TbF1h4alYW
vJCB8pb+j6Mtuzy4v6opyym4q+KT/1RBFQ9bvJ4CCNKZrDbr2lh7xSK0rsTYjThK
LanMO/S/Q+qhhwxnJVabWCZKTpj74kMbb0d7OL5TzAQbelpXMr//zVJno6D4N7Jl
2ytvHPqNG01FI7RuXV+r8Dg3++EdzfxSeAw3r7zO5nZC/Wso1ifVNe2dBX4KboVo
vEm9OMiE4lEeWZEStlHTQhEIWc4uXdJsY1C8Z+HXBSTnma2Uo3l2639mdWi6PfBj
RYIONB0celuR1srsDn0eK4U42olOBDCN0VCoxQoSuaI61BAtsu5PSZmH3YorNo6J
e/wSTmvyqHezMqn8mslwM6rTi5W3/w/8mAEjUhLxgXDift+UHBo5XHENGw6ZHU57
k5bB/clPHTKLVtXNoYR/jjulwLzy2NbeLYoDdaSEMN4yuiLUNJx4mw==
=dqY4
-----END PGP PUBLIC KEY BLOCK-----

and created a publickey.txt file which I imported via

Code:

$ gpg --import publickey.txt

Did work nicely and I also could verify the SHA256SUM.asc by using

Code:

 $ gpg --verify SHA256SUMS.asc

Thanks a lot!

But what I still don't get is, does this mean the original releasae-key (https://github.com/bitcoin-core/bitcoincore.org/blob/master/keys/laanwj-releases.asc) isn't a part of the pgp-publickey-libraries anymore? Do you know the reason for it?

nc50lc

legendary

Activity: 2534

Merit: 6080

Self-proclaimed Genius

No, it's the signing key of SHA256SUMS.asc for v0.21.2.
You should "manually" import that other key from bitcoincore.org's repository, the one I've linked which is the RSA key 90C8019E36C2E964:

Code:

01EA5486DE18A882D4C2684590C8019E36C2E964 Wladimir J. van der Laan (Bitcoin Core binary release signing key)

It's a separate key from the one you got from bitcoin repository.

harlequininja

jr. member

Activity: 46

Merit: 13

Yes it is an older version straight form the bitcoincore.org server

https://bitcoincore.org/bin/bitcoin-core-0.21.2/

Should I replace the SHA256SUMS.asc with the laanwj-releases.asc?

Because I looked up the Wladimir's key here:

https://github.com/bitcoin/bitcoin/blob/master/contrib/builder-keys/keys.txt

Code:

71A3B16735405025D447E8F274810B012346C9A6 Wladimir J. van der Laan (laanwj)

I successfully received his key but still couldn't verify the SHA256SUMS.asc file. Huh

nc50lc

legendary

Activity: 2534

Merit: 6080

Self-proclaimed Genius

It's one of those older versions that are exclusive to bitcoincore.org right?
For that, you need to import Wladimir's key for Bitcoin Core binary releases: github.com/bitcoin-core/bitcoincore.org/blob/master/keys/laanwj-releases.asc

harlequininja

jr. member

Activity: 46

Merit: 13

Hi,

I tried to verify the SHA256SUMS.asc form Bitcoincore 0.21.2.
I get

Code:

gpg: Signature made Wed 29 Sep 2021 06:26:46 BST
gpg:        using RSA key 90C8019E36C2E964
gpg: Can't check signature: No public key

When I fetch the Key form hkps://keys.openpgp.org I get

Code:

gpg: key 90C8019E36C2E964: new key but contains no user ID - skipped
gpg:        Total number processed: 1
gpg:               w/o user IDs:1

I understand that it has something to do with the RSA-format but I can't figure out how to receive the proper public key in order to verify the SHA256SUMS. I also collected some public keys form contributors of this version but it didn't work.

Help is very much appreciated.

Topic: Bitcoincore 0.21.2 - SHA256SUMS.asc (Read 123 times)