I am creating some paperwallets by
https://moneroaddress.org/I anyway can avoid possible botnets by using that page offline when creating papewallet. But to be sure that the nmemonic seed is real, I has to check by some onlinewallet.
At the end of that site there is some guide of using GPG key. I guess a can download the same address-generator code from github and verify the validity of the code by GPG. The guide anyway is slightly messy for me. Can someone explain it more simple way? If it is possible?
[1] Download the .ZIP file from ->
https://github.com/moneromooo-monero/monero-wallet-generator. You can extract it on an USB, preferably a fresh one. It contains an HTML page that is used as generator and can be used offline.
[2] You can grab MoneroMooo's PGP key from ->
https://raw.githubusercontent.com/monero-project/bitmonero/master/utils/gpg_keys/moneromooo.asc. Subsequently, you can use any PGP/GPG program to verify if the generator hasn't been tampered with. The program simply verifies that the generator has been PGP signed by MoneroMooo. You should see a message similar to:
I am not sure, but I think this step can also be performed offline.
[3] Once you have verified the seed and have all the compartments on a fresh USB, you can bring the fresh USB to an offline/airgapped pc to generate a paperwallet with it.
Does this answer all your questions?
EDIT: Included a screenshot how [2] should look like:
EDIT2: If you or anyone else needs additional help or a walk through regarding [2], feel free to PM me on IRC. I am at #monero on freenode. I'll compile a guide for it later.
Looks like you have some kind of GUI GPG. Where is that available? I used linux command line.
Anyway. I progressed. This is what I did.
1. I downloaded the ZIP-file from
https://github.com/moneromooo-monero/monero-wallet-generator2. I opened this site
https://raw.githubusercontent.com/monero-project/bitmonero/master/utils/gpg_keys/moneromooo.asc and copypasted its whole contain to a texteditor, named the file as moneromooo.asc and saved it to the same directory where I dowloaded the ZIP file. I did not yet use USB stick since I am just testing.
3. I opened the linux command line and went to the folder where I put those files. I gave command
$
gpg --import moneromooo.ascgpg: /home.gnupg/trustdb.gpg: trustdb created
gpg: key 4D6CEFC3: public key "moneromooo-monero <
[email protected]>" bring
gpg: All in all treated: 1
gpg: bring: 1 (RSA: 1)
4. I gave command
$
gpg --verify monero-wallet-generator.html.ascgpg: Signature made to 7. january 2016 02.14.58 EET using RSA key ID 4D6CEFC3
gpg: Good signature from "moneromooo-monero <
[email protected]>"
gpg: WARNING: This key is not certified as a reliable signature!
gpg: There is no guarantee that the signature really belongs to its holder.
Primary key fingerprint: 48B0 8161 FBDA DFE3 93AD FC3E 686F 0745 4D6C EFC3
So is everything just fine? Looks like there is some problem with the key. I am not using english linux so I made some translations to those messages. Do not wonder if the language looks slightly different than usually.