I'm not sure what I'm doing wrong, when i generate the hash it matches correct but then I tried verifying as below and got public key not found. I have imported the keys that were listed in OP, there were 5 i think
xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Can't check signature: public key not found
I feel like it is safe to use the binary because the hashes did match, is that the case? why have i not go the right public key?
Double check that you have imported the key with fingerprint 01EA5486DE18A882D4C2684590C8019E36C2E964. That's the release signing key.xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Can't check signature: public key not found
I feel like it is safe to use the binary because the hashes did match, is that the case? why have i not go the right public key?
Thanks for getting back to me, I must have done something wrong on importing the keys, I had missed that one somehow. Now I am getting this
xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964
I have a warning on the output now, is this something I should worry about?
Or can I now safely assume I have correct binary ?
Yes I have not personally trusted the key yet. this is a bit new to me but I intend to devote some more of my time to understanding it better as I agree that it is important to verify the download. Up until now I have usually just downloaded it and started using it right away without verifying anything.
Thanks for your help
