
Topic: What is "Animazing" and why does it come up with ThomasV's pub key? (Read 243 times)

legendary
Activity: 2758
Merit: 6830
-snip-
Did you even read the thread?

I know you are that guy who *for some reason* simply hates signatures and loves hashes, but can you stop with the trolling? That’s just pure ignorance.
newbie
Activity: 11
Merit: 0
Hi!
I have just started to upgrade Electrum wallet.

1. Why is the signature different? Why is ThomasV's key in 3.3.4 different than in 3.3.3?
Was https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6
Now is https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc
Wtf?

2. Who is "animazing"?

3. Is Electrum.org hacked?
I don't trust Electrum anymore!

https://i.imgur.com/0WMpwk7.png

4. Does anybody know what is going on?
legendary
Activity: 3710
Merit: 1586
Animazing was a developer who contributed to electrum in the past. He used to sign the windows releases.

Here's a guide to verifying the sig with kleo.

Don't copy paste the signature or the public keys. Instead use your browser's save file function.
member
Activity: 120
Merit: 10
#1 Make sure you are at https://electrum.org; type it in manually.

#2 When saving the signature, make sure to switch "Save as" to All File Types, and if the name ends in .txt, erase that before saving. Once saved, it should have a blue lock icon, and it will work then.

#3 Try to use ThomasV's signature if possible for your OS/version to be extra safe. Otherwise make damn sure that the sig attached is in the official safe list before checking it.
HCP
legendary
Activity: 2086
Merit: 4363
Yeah, trying to follow the http ://keys.gnupg.net... link also redirects me to the https ://analytics.sumptuouscapital.com... page ??!?

Very strange... I suspect some sort of DNS issue somewhere along the line... possibly because my local router is configured to use OpenDNS?

Just FYI, out of all the GPG keyservers that are listed when you search "gpg keyserver" on Google, the most reliable I've found seems to be: https://keyserver.ubuntu.com/ Most of the others return errors.

newbie
Activity: 5
Merit: 2
Thanks I'm not sure why that one web browser keeps getting shunted to that page but I got the right key imported.


I should say I haven't verified the signature for electrum as whenever I run it on Windows my AV tells me who signed it (I think it's the AV anyway).


LOL.  Honestly I never thought I'd be so paranoid about installing anything before.  I'm *not* naive when it comes to computer security I can imagine *so many* attack vectors I'm scared of everything.

Not sure how realistic some of them are, but BTC is a ripe, ripe target ya know.
copper member
Activity: 2856
Merit: 3071
I get this when clicking the ID link? http://keys.gnupg.net/pks/lookup?op=get&search=0x2BD5824B7F9470E6

I should say I haven't verified the signature for electrum as whenever I run it on Windows my AV tells me who signed it (I think it's the AV anyway).

https://www.google.com/amp/s/amp.reddit.com/r/GnuPG/comments/2q73b6/verifying_gnupg_itself/ an issue with the files probably as this seems to suggest an error occurs while someone updates the gpg software and tries to test the signature of the update. One of the reasons I trust hashes more than signatures in this case. I find it more likely that 7zip and other hash processors will be compromised compared to the gpg software (there's more at stake with gpg).
newbie
Activity: 5
Merit: 2
Okay so I dunno what but if I use a different browser I don't get shunted to the analytics page..

Thanks for the info about the precise file name I didn't realize that.

Any idea what i/o error 218136625 means?
newbie
Activity: 5
Merit: 2
Okay okay I swear I'm not trolling ->

If I am on my desktop and point Chrome (desktop PC, not really secure, no BTC here) at that keys.gnupg.net link I get the right info with the ThomasV public key.

If I point my laptop (brand new clean laptop, where I'm trying to install electrum) at that site, I get shunted to something called analytics.sumptuouscapital.com with a plain generic login page and a link to a web analytics company called "matomo"

http://keys.gnupg.net/pks/lookup?search=0x6694D8DE7BE8EE5631BED9502BD5824B7F9470E6&fingerprint=on&op=index

I know this is the right page but it will seriously *not* come up.
copper member
Activity: 2338
Merit: 4543
C&P into notepad and save as .asc, import.  Right?

The sig file has to have the exact same name as the executable file with .asc as the final extension.  
So, just like this:
Code:
electrum-3.3.4-setup.exe.asc


Import that key and it comes up as "[email protected]" signed 1/15/2013 with the wrong fingerprint.

If you go to the download page on electrum.org, near the top of the page there's link to ThomasV's public key hosted on gnupg.net.
Look for the text "Sources and executables are signed by ThomasV," and click on the link.  It'll take you to this page:
http://keys.gnupg.net/pks/lookup?search=0x6694D8DE7BE8EE5631BED9502BD5824B7F9470E6&fingerprint=on&op=index

I've seen [email protected] included in ThomasV's public key, so I don't think there's anything wrong there.
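
Added example, not from any poster or from the Electrum project: a Python check that pins the fingerprint from the lookup link above and accepts a download only when gpg reports a valid signature from that key, no matter how many other signatures or identities show up. The status lines are constructed sample data, and the function names are hypothetical.

```python
import subprocess

# Fingerprint taken from the keys.gnupg.net lookup link quoted in this thread.
PINNED_FPR = "6694D8DE7BE8EE5631BED9502BD5824B7F9470E6"

def signed_by(status_text, pinned_fpr=PINNED_FPR):
    """True only if gpg reported a valid signature from the pinned key
    and no signature in the file failed its cryptographic check."""
    pinned = pinned_fpr.replace(" ", "").upper()
    found = False
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] == "BADSIG":
            return False  # file or signature was altered
        if parts[1] == "VALIDSIG":
            # parts[2] is the signing key's fingerprint; the last field is
            # the primary key's fingerprint when gpg reports it.
            if pinned in (parts[2].upper(), parts[-1].upper()):
                found = True
    return found

def verify_file(sig_path, data_path):
    """Run gpg on a detached signature and apply the pinned-key check.
    The exit code is ignored: it does not say which key signed."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, text=True)
    return signed_by(proc.stdout)

# Constructed status output (dates, names and the second key ID are made up):
# two signatures in one .asc, one from the pinned key and one from a key
# that is not in the local keyring.
SAMPLE_PINNED = (
    "[GNUPG:] GOODSIG 2BD5824B7F9470E6 ThomasV\n"
    f"[GNUPG:] VALIDSIG {PINNED_FPR} 2017-07-14 1500000000 0 4 0 1 8 00 {PINNED_FPR}\n"
    "[GNUPG:] ERRSIG 0123456789ABCDEF 1 8 00 1500000000 9 -\n"
    "[GNUPG:] NO_PUBKEY 0123456789ABCDEF\n")

# Constructed: a valid signature, but from a different key using the same name.
OTHER_FPR = "F" * 40
SAMPLE_OTHER = (
    "[GNUPG:] GOODSIG FFFFFFFFFFFFFFFF ThomasV\n"
    f"[GNUPG:] VALIDSIG {OTHER_FPR} 2017-07-14 1500000000 0 4 0 1 8 00 {OTHER_FPR}\n")

if __name__ == "__main__":
    print(signed_by(SAMPLE_PINNED), signed_by(SAMPLE_OTHER))
```

Called as `verify_file("electrum-3.3.4-setup.exe.asc", "electrum-3.3.4-setup.exe")`, it needs gpg on the PATH and the key already imported.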
newbie
Activity: 5
Merit: 2
Ya that one. 

C&P into notepad and save as .asc, import.  Right?

Import that key and it comes up as "[email protected]" signed 1/15/2013 with the wrong fingerprint.

Somewhich way the ThomasV key with the fingerprint from here:

https://www.youtube.com/watch?v=hjYCXOyDy7Y

Also got imported.

But regardless nothing will decode or verify everything returns this i/o error either a generic one or with this code: 218136625

I've tried this on three different computers now on three versions of kleopatra.  I feel like i'm taking crazy pills.
copper member
Activity: 2856
Merit: 3071
Assuming you mean the main page, one of those links takes me here: https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc

I think that's right?
newbie
Activity: 5
Merit: 2
So I'm trying to verify my 3.3.4 installer like a good little bitcoiner and keep running into stupid + weird problems.

Discussing the electrum.org/#download page ->

When I try to grab ThomasV's public key from the top link, I get shunted to some login page for analytics.sumptuouscapital.com.

When I try to grab ThomasV's public key from the bottom link I get some weird key - in addition to the usual ThomasV key with the verified fingerprint another certificate called "[email protected]" comes up with a totally different print.

I'm definitely looking at electrum.org.

When I actually try to decrypt the sig file with the installers, I always get

"Kleopatra: COuld not open file <> for reading: input/output error (218136625)"

I'm getting this result from like 3 versions of Kleopatra including the latest.

What in the world am I doing wrong?