Author

Topic: Electrum 3.2.3 PGP Key Not Valid? (Read 245 times)

legendary
Activity: 2170
Merit: 1789
October 16, 2018, 11:42:00 PM
#6
the comments that PGP chooses has always been very vague in my opinion and has created confusion for years. in case of OP the application is saying the "key" is not valid or in other words the key is not something that OP has in his trusted key database. and it says "signature" is OK but it is "uncertain" which is basically the same as what new versions are saying.

in other words a good signature is found but but the key is not in your apps database of trusted keys.

Correct. GPG has 4 kinds of verification result:
- "Unknown key", which means there is no public key on the database that corresponds to the verification results.
- "Key not valid", which means there is a public key corresponding to the verification results and the message verifies ok, but the users don't trust the owner of that key.
- "Valid", which means that users trust the owner of the public key, and the message verifies ok.
- "Bad", which means that the public key doesn't match with the signature.

So, "Key not valid" should be ok and the file isn't corrupted at all. CMIIW.
legendary
Activity: 3472
Merit: 10611
October 16, 2018, 10:54:32 PM
#5
Thanks for the reply. I was using an old version of GPG4win so i've downloaded it and it looks like yours so all good Smiley

That's still weird though. I don't think an old version should necessarily equate to the signature being found invalid?

the comments that PGP chooses has always been very vague in my opinion and has created confusion for years. in case of OP the application is saying the "key" is not valid or in other words the key is not something that OP has in his trusted key database. and it says "signature" is OK but it is "uncertain" which is basically the same as what new versions are saying.

in other words a good signature is found but but the key is not in your apps database of trusted keys.
legendary
Activity: 1946
Merit: 1427
October 16, 2018, 12:23:02 PM
#4
Thanks for the reply. I was using an old version of GPG4win so i've downloaded it and it looks like yours so all good Smiley

That's still weird though. I don't think an old version should necessarily equate to the signature being found invalid?
newbie
Activity: 2
Merit: 0
October 16, 2018, 12:13:14 PM
#3
Thanks for the reply. I was using an old version of GPG4win so i've downloaded it and it looks like yours so all good Smiley
legendary
Activity: 1946
Merit: 1427
October 16, 2018, 11:52:10 AM
#2
It works just fine for me. Are you sure you imported his keys right?



This is how it should look;



It may say that his certificate is invalid or "The Data could not be verified". This is simply because i haven't created a key and used that to certify his public key. The signatures however are matching.
(I suspect this might also be the case with the data in your screenshot, although i have no clue how *exactly* the program you're using works, so i can't really tell..)

If you however want to do so, there are some great guides availabe; See https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-windows/




EDIT:
I verified his public key for the sake of it. It should look like this;

 

newbie
Activity: 2
Merit: 0
October 16, 2018, 11:27:27 AM
#1
Bitcoin Client Software and Version Number: Electrum 3.2.3
Operating System: Windows 7
System Hardware Specs: NA

Description of Problem: My older version of Electrum stopped connecting so i thought it was time to update. I just downloaded the new version along with the signatures in GPG4Win to verify, but i'm getting "key not valid" "uncertain signature by Thomas Voegtlin". I set it to full trust in Kleopatra but still get the same error. Does this mean the site has been hacked and the new version i just downloaded is potentially malicious? Someone on Reddit said something about me maybe not having a web of trust but the thread has gone cold so i thought i'd try here. Thanks

Screenshot of the problem: https://imgur.com/a/84ogEHD
Jump to: