Topic: web of trust question -- laanwj gpg key (Read 186 times)

newbie
Activity: 23
Merit: 853
July 25, 2020, 03:46:17 AM
#4
It's been a while since I used gpg, and the resources I used to use to verify that a key was legit (like pgp.mit.edu) seem not to work like they used to. So I'm a bit stumped.

This post announcing the release of Bitcoin Core 0.20.0: https://lists.linuxfoundation.org/pipermail/bitcoin-core-dev/2020-June/000091.html
... shows a sig from key 9DEAE0DC7063249FB05474681E4AED62986CD25D

I have an old key for Wladimir J. van der Laan 01EA5486DE18A882D4C2684590C8019E36C2E964.

Please can anybody tell me how I'm supposed to be sure that 9DEAE0DC7063249FB05474681E4AED62986CD25D is indeed a legit key?

I would suggest you test any key/s (when in doubt) with "PGP pathfinder & key statistics" using the following service. But to do that you need to have key/s of other people (sure, members of the crypto community) whom you trust, thus increasing your confidence in the checked key/s.

newbie
Activity: 16
Merit: 0
July 22, 2020, 10:00:25 AM
#3
01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964 is the key he uses to sign the binaries. If you go to https://bitcoin.org/en/download, you will find the release signatures signed with that key.

The key 9DEA E0DC 7063 249F B054 7468 1E4A ED62 986C D25D is a subkey of the primary key 71A3 B167 3540 5025 D447 E8F2 7481 0B01 2346 C9A6. This primary key is displayed on his GitHub here: https://github.com/laanwj

You can find this key, and the associated public key block, at the following:

https://keyserver.ubuntu.com/pks/lookup?search=0x9DEAE0DC7063249FB05474681E4AED62986CD25D&op=index

http://pool.sks-keyservers.net/pks/lookup?search=0x9DEAE0DC7063249FB05474681E4AED62986CD25D&op=index

Technically, as I understood it, the main key for signing binaries is 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964. So you don't need another key from GitHub to run bitcoind. It's just for informative purposes, that he is truly the one behind the release notes.
legendary
Activity: 2268
Merit: 18771
June 04, 2020, 02:09:43 PM
#2
01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964 is the key he uses to sign the binaries. If you go to https://bitcoin.org/en/download, you will find the release signatures signed with that key.

The key 9DEA E0DC 7063 249F B054 7468 1E4A ED62 986C D25D is a subkey of the primary key 71A3 B167 3540 5025 D447 E8F2 7481 0B01 2346 C9A6. This primary key is displayed on his GitHub here: https://github.com/laanwj

You can find this key, and the associated public key block, at the following:

https://keyserver.ubuntu.com/pks/lookup?search=0x9DEAE0DC7063249FB05474681E4AED62986CD25D&op=index

http://pool.sks-keyservers.net/pks/lookup?search=0x9DEAE0DC7063249FB05474681E4AED62986CD25D&op=index
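
Added example, not part of the original posts or of any project's code: a shell function that checks the subkey-to-primary relationship described in the reply above by parsing `gpg --with-colons --list-keys` output. The listing in `sample_listing` is constructed (only the two fingerprints and the name come from the thread; the second key block is a placeholder), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Reads `gpg --with-colons --list-keys` output on stdin and
# prints the primary-key fingerprint that owns the fingerprint given as $1.
# Exit status: 0 = found, 1 = not in listing, 2 = found but the key or its
# primary is revoked/expired/invalid.
# Colon format (GnuPG doc/DETAILS): field 1 = record type, field 2 = validity,
# field 10 of an "fpr" record = fingerprint of the preceding pub/sub record.
primary_of() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')   # normalise spacing/case
    awk -F: -v want="$want" '
        BEGIN { rc = 1 }
        $1 == "pub" { pval = $2 }                 # validity of the primary key
        $1 == "pub" || $1 == "sub" { kind = $1; validity = $2; next }
        $1 == "fpr" && kind != "" {
            if (kind == "pub") primary = $10      # remember the current primary
            if ($10 == want) {
                # r = revoked, e = expired, i = invalid (on the key or its primary)
                rc = ((pval validity) ~ /[rei]/) ? 2 : 0
                print primary
                exit
            }
            kind = ""
        }
        END { exit rc }
    '
}

# Constructed sample listing: fields other than the fingerprints, key IDs and
# name are left empty; the second key block uses placeholder fingerprints.
sample_listing() {
    cat <<'EOF'
pub:-:::74810B012346C9A6:::::::
fpr:::::::::71A3B16735405025D447E8F274810B012346C9A6:
uid:-::::::::Wladimir J. van der Laan:
sub:-:::1E4AED62986CD25D:::::::
fpr:::::::::9DEAE0DC7063249FB05474681E4AED62986CD25D:
pub:-:::AAAAAAAAAAAAAAAA:::::::
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
sub:r:::BBBBBBBBBBBBBBBB:::::::
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
EOF
}

# Real use (after importing the key):
#   gpg --with-colons --list-keys | primary_of 9DEAE0DC7063249FB05474681E4AED62986CD25D
```

A match only shows how the keys are structured in the local keyring; the printed primary fingerprint still has to be compared against an independent source, such as the GitHub profile mentioned in the reply.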
newbie
Activity: 1
Merit: 2
June 04, 2020, 11:08:50 AM
#1
It's been a while since I used gpg, and the resources I used to use to verify that a key was legit (like pgp.mit.edu) seem not to work like they used to. So I'm a bit stumped.

This post announcing the release of Bitcoin Core 0.20.0: https://lists.linuxfoundation.org/pipermail/bitcoin-core-dev/2020-June/000091.html
... shows a sig from key 9DEAE0DC7063249FB05474681E4AED62986CD25D

I have an old key for Wladimir J. van der Laan 01EA5486DE18A882D4C2684590C8019E36C2E964.

Please can anybody tell me how I'm supposed to be sure that 9DEAE0DC7063249FB05474681E4AED62986CD25D is indeed a legit key?