Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Author

Topic: Help With Checking the Signature of Electrum Download (Read 613 times)

Muhammed Zakir
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Help With Checking the Signature of Electrum Download
July 08, 2015, 01:10:24 PM
#7
Quote from: techrun on July 07, 2015, 05:15:03 PM
On this page:

https://bitcoin-otc.com/viewgpg.php?nick=Animazing

What is meant by a "fingerprint", as given in one of the column headings? 

Thanks

The fingerprint you see is fingerprint of Animazing's public key which is used to verify the PGP key you have is Animazing's.

For example, if Alice wishes to authenticate a public key as belonging to Bob, she can contact Bob over the phone or in person and ask him to read his fingerprint to her, or give her a scrap of paper with the fingerprint written down. Alice can then check that this trusted fingerprint matches the fingerprint of the public key. Exchanging and comparing values like this is much easier if the values are short fingerprints instead of long public keys.

{...}

In addition, fingerprints can be queried with search engines in order to ensure that the public key that a user just downloaded, can be seen by third party search engines. If the search engine returns hits referencing the fingerprint linked to the proper site(s), one can feel more confident that the key is not being injected by an attacker, such as a Man-in-the-middle(MITM) attack.


https://en.wikipedia.org/wiki/Public_key_fingerprint

https://www.nieveler.org/PGP/pgp.htm
techrun
newbie
Activity: 22
Merit: 0
Re: Help With Checking the Signature of Electrum Download
July 07, 2015, 05:15:03 PM
#6
On this page:

https://bitcoin-otc.com/viewgpg.php?nick=Animazing

What is meant by a "fingerprint", as given in one of the column headings? 

Thanks
techrun
newbie
Activity: 22
Merit: 0
Re: Help With Checking the Signature of Electrum Download
May 31, 2015, 01:40:57 PM
#5
OK, thank you for that.
Muhammed Zakir
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Re: Help With Checking the Signature of Electrum Download
May 31, 2015, 01:36:13 PM
#4
Quote from: techrun on May 31, 2015, 01:34:22 PM
Thanks.  Can you explain why is there no reason to be concerned?  It's telling me Animazing has not authenticated for 866 days.  Why is that not a problem?

He may not have logged into that account. The PGP fingerprint is still the same. So there is no reason to be concerned.
techrun
newbie
Activity: 22
Merit: 0
Re: Help With Checking the Signature of Electrum Download
May 31, 2015, 01:34:22 PM
#3
Thanks.  Can you explain why is there no reason to be concerned?  It's telling me Animazing has not authenticated for 866 days.  Why is that not a problem?  

Muhammed Zakir
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Re: Help With Checking the Signature of Electrum Download
May 31, 2015, 01:26:14 PM
#2
Quote from: techrun on May 31, 2015, 01:16:27 PM
1) Is the "NOT AUTHENTICATED" message above something I should be concerned about?  I am trying to check a signature after all. 

No.

Quote from: techrun on May 31, 2015, 01:16:27 PM
2) If it's not, I still can't see the public key for Animazing.  How am I supposed to work out where to find it?  Someone else has given me a url of where to find it, but how would I work out this for myself, just from the bitcoin-otc.com links given???

Thanks

Click '9914864DFC33499C6CA2BEEA22453004695506FD' under 'fingerprint' in https://bitcoin-otc.com/viewgpg.php?nick=Animazing.
techrun
newbie
Activity: 22
Merit: 0
Re: Help With Checking the Signature of Electrum Download
May 31, 2015, 01:16:27 PM
#1
Hi Guys

I have downloaded the Windows Installer for the Electrum Wallet from:  

https://electrum.org/#download

and now I want to check the GPG signature, as given in the .asc file for download.  

I am told on the page that the Windows Installer is signed by someone with the nickname Animazing.  If I click on the Animazing link, I get to this page:  

https://bitcoin-otc.com/viewgpg.php?nick=Animazing

Then, if I click on Animazing again, I get to this page:  

https://bitcoin-otc.com/viewratingdetail.php?nick=Animazing&sign=ANY&type=RECV

which gives me this message:

"This user is currently NOT AUTHENTICATED. This user has not authenticated for more than 866 days. If you are currently talking to someone who claims to be this person, you may be talking to an impostor and scammer."

Some questions:

1) Is the "NOT AUTHENTICATED" message above something I should be concerned about?  I am trying to check a signature after all.  

2) If it's not, I still can't see the public key for Animazing.  How am I supposed to work out where to find it?  Someone else has given me a url of where to find it, but how would I work out this for myself, just from the bitcoin-otc.com links given???

Thanks







Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Jump to: