Posted this in another thread but didn't get a response so creating a separate topic for it.
Context: In response to a Wasabi wallet scam, verifying PGP signatures was pointed out as a solution. However, someone (nc50lc) highlighted that users were too lazy to verify PGP signatures for their wallet downloads. They preferred a
download-install-open method.
Went to do some digging and found this.
Source:
https://securityboulevard.com/2018/11/10-rules-for-the-secure-use-of-cryptocurrency-hardware-wallets/Users of cryptocurrency software should demand reproducible builds and code-signed executables to prevent tampering by an attacker post-installation. The advantage of code-signing, relative to manual verification with a tool like GPG, is that code signatures are automatically verified by the operating system on every launch of the application, whereas manual verification is typically only performed once, if at all. Even verifiable software, though, can still be subverted at runtime. Recognize that general-purpose computing devices are exposed to potentially risky data from untrusted sources on a routine basis.
Can someone explain:
(1) Why don't these wallets implement the code-signing mechanism mentioned above? If the OS can automatically verify the program at launch each time, isn't this a solution to having users verifying PGP by themselves?
(2) Is it right to say that if the wasabi wallet had the code-signing mechanism implemented, it would have been easier for users to perform the verification as they can easily view the properties of the file to see who the digital signatures belong to (like in this example:
https://www.sslsupportdesk.com/how-to-verify-a-digital-code-signing-signature-in-windows/)
Thanks.
