Bitcoin Forum>Bitcoin>Bitcoin Technical Support
Author

Topic: Verify paperwallet GPG (Read 1029 times)

HI-TEC99
legendary
Activity: 2772
Merit: 2846
Verify paperwallet GPG
June 12, 2017, 04:24:14 PM
#7
Quote from: landuvour on June 12, 2017, 12:54:34 PM
Perfect, I will follow your indications for best verifying signature.

This topic brings me spontaneously to ask you another question.

Can you advise me a good bitcoin (and maybe eth Wink) paper wallet generator?  So good I can verify who is the owner and his signature, in other words a generator made up by a reliable developer.

Thanks a lot again!


Sorry, I can't advise about paper wallets. I have never used them to store coins, so I don't have enough experience of them to give good advice. I'm sure other users here will help.
landuvour
newbie
Activity: 19
Merit: 0
Re: Verify paperwallet GPG
June 12, 2017, 12:54:34 PM
#6
Perfect, I will follow your indications for best verifying signature.

This topic brings me spontaneously to ask you another question.

Can you advise me a good bitcoin (and maybe eth Wink) paper wallet generator?  So good I can verify who is the owner and his signature, in other words a generator made up by a reliable developer.

Thanks a lot again!
HI-TEC99
legendary
Activity: 2772
Merit: 2846
Re: Verify paperwallet GPG
June 11, 2017, 07:34:45 PM
#5
Quote from: landuvour on June 11, 2017, 06:47:43 PM
Thanks HI-TEC99

I have followed religiously your guide posted in the link, through cleopatra I get:

generate-wallet.html.sig: Signature is valid
Signed on 2016-02-23 15:53 with unknown certificate 0x761F7D53D11591274A170B839277AD7136E1D9B6.

but, I don't have certificate of Canton Becker (the maker of bitcoin paperwallet) Grin I only have trough his website these:
PGP Public Key ... (very long as you know  Cheesy)
RSA Key ID: 36E1D9B6
Fingerprint: AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B

How can I connect this certificate to him?



Ideally you should personally check in multiple places you trust that a signature really does belong to someone you trust. Often even experienced professionals skip that step and just use whatever is on a key server, but that's very risky. This quote sums up what you should do.

https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key

Quote
A "trusted signature" is a signature from a key that you trust, either because (a) you have personally verified that it belongs to the person to whom it claims to belong, or (b) because it has been signed by a key that you trust, possibly through a series of intermediate keys.

I found a reddit post containing that fingerprint by someone with the username cantonbecker. However, I don't know Canton Becker well enough to confirm if that really is his reddit account. You will have to google some more to find something you can double check with.

https://www.reddit.com/r/GnuPG/comments/1lsuih/am_i_pgpsigning_my_bitcoin_wallet_generator/ccfzj6e/

Quote
However I don't want to put my key fingerprint in the README file itself because the whole point of signing the document is discouraging people from trusting the download itself without double-checking...

As a start, I'll take your advice and post my fingerprint info here Smiley

AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC525F0650B16DF4B
cr1776
legendary
Activity: 4214
Merit: 1313
Re: Verify paperwallet GPG
June 11, 2017, 07:17:28 PM
#4
Quote from: landuvour on June 11, 2017, 06:47:43 PM
Thanks HI-TEC99

I have followed religiously your guide posted in the link, through cleopatra I get:

generate-wallet.html.sig: Signature is valid
Signed on 2016-02-23 15:53 with unknown certificate 0x761F7D53D11591274A170B839277AD7136E1D9B6.

but, I don't have certificate of Canton Becker (the maker of bitcoin paperwallet) Grin I only have trough his website these:
PGP Public Key ... (very long as you know  Cheesy)
RSA Key ID: 36E1D9B6
Fingerprint: AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B

How can I connect this certificate to him?



I believe that is what he is talking about on the github page you linked to above when he says:
Quote
'If you get warnings like "This key is not certified, there is no indication that the key belongs to the owner" do not worry, this is normal.

As long as the signature is valid, that is enough.
landuvour
newbie
Activity: 19
Merit: 0
Re: Verify paperwallet GPG
June 11, 2017, 06:47:43 PM
#3
Thanks HI-TEC99

I have followed religiously your guide posted in the link, through cleopatra I get:

generate-wallet.html.sig: Signature is valid
Signed on 2016-02-23 15:53 with unknown certificate 0x761F7D53D11591274A170B839277AD7136E1D9B6.

but, I don't have certificate of Canton Becker (the maker of bitcoin paperwallet) Grin I only have trough his website these:
PGP Public Key ... (very long as you know  Cheesy)
RSA Key ID: 36E1D9B6
Fingerprint: AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B

How can I connect this certificate to him?

HI-TEC99
legendary
Activity: 2772
Merit: 2846
Re: Verify paperwallet GPG
June 11, 2017, 03:30:38 AM
#2
Read the whole of this thread and you might find the answers you are looking for. It has detailed instructions for using gpg to verify electrum

https://bitcointalksearch.org/topic/electrum-and-gpg4win-1836004

36E1D9B6 appears on this page as a subkey

http://keys.gnupg.net/pks/lookup?op=vindex&search=0xC525F0650B16DF4B

Often the primary key is used for signing, and the subkey used for encryption.

There's more information about subkeys here.

https://superuser.com/questions/632375/why-does-gpg-pgp-by-default-use-different-keys-for-signing-encryption
landuvour
newbie
Activity: 19
Merit: 0
Re: Verify paperwallet GPG
June 10, 2017, 07:57:01 PM
#1
Hi  Cheesy, I want to verify this paperwallet creator
https://github.com/cantonbecker/bitcoinpaperwallet

Canton Becker says that I can verify authenticity through GPG, so I've installed GPGforWin with all features: GnuPg, Kleopatra, GPA, GpgOL, GpgEX. I run Windows 10 64 bit.

In the README Canton says: 'go to appropriate directory and type in these two commands':
  gpg --recv-key 36E1D9B6
  gpg --verify --with-fingerprint generate-wallet.html.sig generate-wallet.html

So, I open as an admin 'command prompt' and I type:        gpg --recv-key 36E1D9B6

I get:

gpg: requesting key 36E1D9B6 from hkp server keys.gnupg.net
gpg: no valid OpenPGP data found
gpg: total number processes: 0
gpg: keyserver communications error: keyserver helper internal error
gpg: keyserver communications error: General error
gpg: keyserver receive failed: General error

when I try to type this line:         gpg --verify --with-fingerprint generate-wallet.html.sig generate-wallet.html

I get:

gpg: impossible open 'generate-wallet.html.sig': No such file or directory
gpg: verify signatures failed: No such file or directory

Can anyone help me?  Grin

Bitcoin Forum>Bitcoin>Bitcoin Technical Support
Jump to: