Title: Bad Signature for the bitcoin-0.15.0.1 file Post by: ora.zhang on November 04, 2017, 09:59:07 AM Hi,
I try to install the latest version of bitcoin-qt. But the GPG signature is not verified, downloading the new version from github and bitcoincore.org is tried. When I try to run the command 'gpg2 --verify bitcoin-0.15.0.1-osx.dmg.asc bitcoin-0.15.0.1-osx.dmg', the following message shows: gpg: Signature made 二 9/19 20:16:05 2017 HKT gpg: using RSA key 90C8019E36C2E964 gpg: BAD signature from "Wladimir J. van der lann (Bitcoin Core binary release signing key) <lannwj@gmail.com" [unkown] Here is my asc file which is from the github. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCAAGBQJZwQqFAAoJEJDIAZ42wulkZQ0P/0hkk9rcBenvHjUAQ1mYeSAW T8mxFosWT24TDR5EO3vgemaNpzmr3W4hs46gIuM7cIqmKHMPcYNdt3PkYUiu7x9A nFf76AjeHjwDNclOas746I8vMMB6pry6qO4hFF2WuLKRlBYjMKJIMjYrkmm4kur6 8GUwvJX7XnfgzJxMCLkaBPLiTYCAwKqPks4hbGdn6OWEefS1EjrLY8U4Ytkt03ZU OceP0LYuFIC0NhaOMzv6EPeH83WAeIQgqmx3xZfewqPCCmj/7g/eK8VLp6ouZ6oL YSSMZerN+n6BNDYVYy42LVwF2wDqTHIyDHQy5MEd038oeVjs9aj4yXv/2snj08FB H39mum1sx7AW2GfjZPO7XvjkyfEJphB0VWGxAh/Ht01pMA6LzoH87m1MU6GZVJ8w jPHNqAmEanhINv00OFmfDBWIaY5EUpiA30T7OaH8Z8fiwpBVOoNMWS5aO02TAQtp OUhSUaY5zorgguhKhZbPjBniP5IcdSLVfIPCYBCYIuoj1hnhtDkJUaajhvSpTbZT SqPIW402aKSr0T/Dob7CwD5F2DRoq550BvbLQyE6PU0niXbX2SCIeGqRanrtT336 MExaKCnEWXOxhbSQd9tV1Se9IGLfR0ac3pFPINwtVXVum20sTN79B3rBS3OlzC3d 1T7DWnSvkb2o6glQ00SL =kBtV -----END PGP SIGNATURE----- I also try the shasum to check the md5 signature, but it works. Could someone give me some info about 'the bad pgp signature' ? Title: Re: Bad Signature for the bitcoin-0.15.0.1 file Post by: Lauda on November 04, 2017, 11:07:28 AM Can you try doing the same for Bitcoin Core 0.14.0 and 0.15.0 just in order to see whether this issue is limited to your end or a specific version? I've sent Wladimir a message and don't have OSX myself to test on it.
Title: Re: Bad Signature for the bitcoin-0.15.0.1 file Post by: cr1776 on November 04, 2017, 11:35:02 AM Can you try doing the same for Bitcoin Core 0.14.0 and 0.15.0 just in order to see whether this issue is limited to your end or a specific version? I've sent Wladimir a message and don't have OSX myself to test on it. I can test on OS X later today if needed. (After an outing with the kids) Title: Re: Bad Signature for the bitcoin-0.15.0.1 file Post by: Lauda on November 04, 2017, 11:58:04 AM Can you try doing the same for Bitcoin Core 0.14.0 and 0.15.0 just in order to see whether this issue is limited to your end or a specific version? I've sent Wladimir a message and don't have OSX myself to test on it. I can test on OS X later today if needed. (After an outing with the kids)Thanks. Title: Re: Bad Signature for the bitcoin-0.15.0.1 file Post by: ora.zhang on November 05, 2017, 06:23:25 AM Can you try doing the same for Bitcoin Core 0.14.0 and 0.15.0 just in order to see whether this issue is limited to your end or a specific version? I've sent Wladimir a message and don't have OSX myself to test on it. I tried these versions 0.15.0, 0.14.0,0.13.0, unfortunately there is a good signature found. I also tried downloading the dmg package and verified in window pc, it also failed. Here is a asc file I used(Sorry, I don't find a way to upload file), could you help to have a look at it in case I do something wrong when I copied it from the SHA256SUMs.asc file.Here is the content of the file, and I use notpad++ to create this file: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCAAGBQJZwQqFAAoJEJDIAZ42wulkZQ0P/0hkk9rcBenvHjUAQ1mYeSAW T8mxFosWT24TDR5EO3vgemaNpzmr3W4hs46gIuM7cIqmKHMPcYNdt3PkYUiu7x9A nFf76AjeHjwDNclOas746I8vMMB6pry6qO4hFF2WuLKRlBYjMKJIMjYrkmm4kur6 8GUwvJX7XnfgzJxMCLkaBPLiTYCAwKqPks4hbGdn6OWEefS1EjrLY8U4Ytkt03ZU OceP0LYuFIC0NhaOMzv6EPeH83WAeIQgqmx3xZfewqPCCmj/7g/eK8VLp6ouZ6oL YSSMZerN+n6BNDYVYy42LVwF2wDqTHIyDHQy5MEd038oeVjs9aj4yXv/2snj08FB H39mum1sx7AW2GfjZPO7XvjkyfEJphB0VWGxAh/Ht01pMA6LzoH87m1MU6GZVJ8w jPHNqAmEanhINv00OFmfDBWIaY5EUpiA30T7OaH8Z8fiwpBVOoNMWS5aO02TAQtp OUhSUaY5zorgguhKhZbPjBniP5IcdSLVfIPCYBCYIuoj1hnhtDkJUaajhvSpTbZT SqPIW402aKSr0T/Dob7CwD5F2DRoq550BvbLQyE6PU0niXbX2SCIeGqRanrtT336 MExaKCnEWXOxhbSQd9tV1Se9IGLfR0ac3pFPINwtVXVum20sTN79B3rBS3OlzC3d 1T7DWnSvkb2o6glQ00SL =kBtV -----END PGP SIGNATURE----- Title: Re: Bad Signature for the bitcoin-0.15.0.1 file Post by: wumpus on November 05, 2017, 09:04:30 AM Where did you get those files? I think they are falsified! BE VERY CAREFUL and don't run it.
- My name is not "Wladimir J. van der lann" but "Wladimir J. van der Laan" (and my mail is not lannwj@gmail.com either) - There is no "bitcoin-0.15.0.1-osx.dmg.asc". The only signed file in the distribution should be "SHA256SUMS.asc" which contains a list of SHA256 hashes, one for every file. I followed the following steps on the command line to manually check the correctness of the release signing signature on 0.15.0.1: Code: $ wget https://bitcoin.org/bin/bitcoin-core-0.15.0.1/bitcoin-0.15.0.1-osx.dmg Do not run any dmg or other binary until you get an output like this. Title: Re: Bad Signature for the bitcoin-0.15.0.1 file Post by: ora.zhang on November 05, 2017, 09:27:25 AM Where did you get those files? I think they are falsified! BE VERY CAREFUL and don't run it. - My name is not "Wladimir J. van der lann" but "Wladimir J. van der Laan" (and my mail is not lannwj@gmail.com either) - There is no "bitcoin-0.15.0.1-osx.dmg.asc". The only signed file in the distribution should be "SHA256SUMS.asc" which contains a list of SHA256 hashes, one for every file. I followed the following steps on the command line to manually check the correctness of the release signing signature on 0.15.0.1: Code: $ wget https://bitcoin.org/bin/bitcoin-core-0.15.0.1/bitcoin-0.15.0.1-osx.dmg Do not run any dmg or other binary until you get an output like this. Thanks Wladimir. I spelled incorrect name and email when I post this topic.ou I run the command in your reply and 'good signature' shows. Thanks a lot. But I'm still wondering why I failed, since normally I use the following way to check pgp, and it works for electrum and dash wallet. Would you mind to get me hints? Here is what I did to check the signature: 1. Dowload the 'bitcoin-0.15.0.1-osx.dmg' and 'SHA256SUMS.asc'. 2. 'touch bitcoin-0.15.0.1-osx.dmg.asc' file and copy the signature part from 'SHA256SUMS.asc' file. 3. run 'gpg2 --verify bitcoin-0.15.0.1-osx.dmg.asc bitcoin-0.15.0.1-osx.dmg'. Title: Re: Bad Signature for the bitcoin-0.15.0.1 file Post by: wumpus on November 05, 2017, 10:31:10 AM 2. 'touch bitcoin-0.15.0.1-osx.dmg.asc' file and copy the signature part from 'SHA256SUMS.asc' file. When you change a file, or crop part out of it, you invalidate the signature. It would be more worrying if that worked.Title: Re: Bad Signature for the bitcoin-0.15.0.1 file Post by: ora.zhang on November 06, 2017, 12:31:36 PM 2. 'touch bitcoin-0.15.0.1-osx.dmg.asc' file and copy the signature part from 'SHA256SUMS.asc' file. When you change a file, or crop part out of it, you invalidate the signature. It would be more worrying if that worked.Thanks a lot for your info. |