Bitcoin Forum
November 02, 2024, 10:07:25 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Bitcoin Technical Support > web of trust question -- laanwj gpg key
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: web of trust question -- laanwj gpg key  (Read 181 times)
phlebas (OP)
Newbie
*
Offline Offline

Activity: 1
Merit: 2


View Profile
June 04, 2020, 04:08:50 PM
Merited by ranochigo (1), o_e_l_e_o (1)
 #1
It's been a while since I used gpg, and the resources I used to use to verify that a key was legit (like pgp.mit.edu) seem not to work like they used to. So I'm a bit stumped.

This post announcing the release of Bitcoin Core 0.20.0: https://lists.linuxfoundation.org/pipermail/bitcoin-core-dev/2020-June/000091.html
... shows a sig from key 9DEAE0DC7063249FB05474681E4AED62986CD25D

I have an old key for Wladimir J. van der Laan 01EA5486DE18A882D4C2684590C8019E36C2E964.

Please can anybody tell me how I'm supposed to be sure that 9DEAE0DC7063249FB05474681E4AED62986CD25D is indeed a legit key?
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18726


View Profile
June 04, 2020, 07:09:43 PM
Merited by HCP (2), Coding Enthusiast (2)
 #2
01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964 is the key he uses to sign the binaries. If you go to https://bitcoin.org/en/download, you will find the release signatures signed with that key.

The key 9DEA E0DC 7063 249F B054 7468 1E4A ED62 986C D25D is a subkey of the primary key 71A3 B167 3540 5025 D447 E8F2 7481 0B01 2346 C9A6. This primary key is displayed on his GitHub here: https://github.com/laanwj

You can find this key, and the associated public key block, at the following:

https://keyserver.ubuntu.com/pks/lookup?search=0x9DEAE0DC7063249FB05474681E4AED62986CD25D&op=index

http://pool.sks-keyservers.net/pks/lookup?search=0x9DEAE0DC7063249FB05474681E4AED62986CD25D&op=index
lacir
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile WWW
July 22, 2020, 03:00:25 PM
 #3
Quote from: o_e_l_e_o on June 04, 2020, 07:09:43 PM
01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964 is the key he uses to sign the binaries. If you go to https://bitcoin.org/en/download, you will find the release signatures signed with that key.

The key 9DEA E0DC 7063 249F B054 7468 1E4A ED62 986C D25D is a subkey of the primary key 71A3 B167 3540 5025 D447 E8F2 7481 0B01 2346 C9A6. This primary key is displayed on his GitHub here: https://github.com/laanwj

You can find this key, and the associated public key block, at the following:

https://keyserver.ubuntu.com/pks/lookup?search=0x9DEAE0DC7063249FB05474681E4AED62986CD25D&op=index

http://pool.sks-keyservers.net/pks/lookup?search=0x9DEAE0DC7063249FB05474681E4AED62986CD25D&op=index

Technically as I understood it the main key for signing binaries is
01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964. So you don't need another key from GitHub to run bitcoind. It's just for informative purpose that he is truly the one behind release notes.
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Bitcoin Technical Support > web of trust question -- laanwj gpg key
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!