|
Title: PGP verification of Bitcoin core download Post by: calkob on November 30, 2022, 09:36:24 AM So trying to verify 24.0 but using Kleopatra I keep getting a "signatures could not be verified" message. I am guessing this is because I need at least one of the builder keys from the github key list. But when I try to import one of them using this
gpg.exe --keyserver hkps://keys.openpgp.org --recv-keys E463A93F5F3117EEDE6C7316BD02942421F4889F I keep on getting "keyserver receive failed: Certificate expired" message, which surely can't be right, what am I doing wrong here. :-\ Title: Re: PGP verification of Bitcoin core download Post by: Edwardard on November 30, 2022, 09:58:45 AM I keep on getting "keyserver receive failed: Certificate expired" message, which surely can't be right, what am I doing wrong here. :-\ Try changing the keyserver, use this one: Code: gpg.exe --keyserver hkp://keyserver.ubuntu.com --recv-keys E463A93F5F3117EEDE6C7316BD02942421F4889F Title: Re: PGP verification of Bitcoin core download Post by: BitMaxz on November 30, 2022, 11:01:14 AM It seems the error says Certificate expired if this error came from Kleopatra would you mind to try to refresh the expired keys using this command below.
Code: gpg --keyserver hkps://keys.openpgp.org --refresh-keys And make sure that you follow the guide from Bitcoincore.org instead of bitcoin.org And also try not to use hkps:// you must replace it with hkp:// If it didn't work try other suggestion from this post below. - https://bitcointalk.org/index.php?topic=5409845.msg60777226#msg60777226 Title: Re: PGP verification of Bitcoin core download Post by: ABCbits on November 30, 2022, 11:29:22 AM Key server mentioned by @Edwardard works on my end. But using keys.openpgp.org show this error message for few times before gpg manage to import the key.
Code: $ gpg --keyserver hkps://keys.openpgp.org --recv-keys E463A93F5F3117EEDE6C7316BD02942421F4889F On a side note, both Luke Jr key and openpgp.org TLS certificate is created some time ago so i don't understand how OP see error message "keyserver receive failed: Certificate expired". Title: Re: PGP verification of Bitcoin core download Post by: o_e_l_e_o on November 30, 2022, 01:09:55 PM Both keys.openpgp and keyserver.ubuntu are working normally for me. Also pgp.mit.edu, which is the other server I sometimes use. All three are processing Luke Dashjr's key normally without any errors.
For the expired error that OP is receiving - I would first check that your system date and time is accurate, and then I would update Kleopatra/Gpg4win to the latest version, and see if that helps. Title: Re: PGP verification of Bitcoin core download Post by: nc50lc on November 30, 2022, 01:32:09 PM I managed to make gpg4win work with openpgp keyserver by reading this article: www.stephenwagner.com/2021/09/30/sophos-dst-root-ca-x3-expiration-problems-fix/ (http://www.stephenwagner.com/2021/09/30/sophos-dst-root-ca-x3-expiration-problems-fix/)
And this tutorial on how to install certificates to Windows10/7: techglimpse.com/dst-root-ca-x3-expired-certificate-error (https://techglimpse.com/dst-root-ca-x3-expired-certificate-error/#:~:text=fix%20the%20issue.-,On%20Windows%207%20or%2010%3A,-Step%201%3A) Apparently, it is because openpgp's certificate also relies on the expired (on Sept 2021) "DST Root CA X3" certificate which older versions of Windows 10/8/7 still use. (I downloaded the der certificates from letsencrypt instead of the provided links, also needed a restart) But since using other servers should work, just use that "easy method" instead. |