Bitcoin Forum
Author Topic: Bad Signature for the bitcoin-0.15.0.1 file  (Read 409 times)
ora.zhang
November 04, 2017, 09:59:07 AM
 #1

Hi,
   I am trying to install the latest version of bitcoin-qt, but the GPG signature does not verify. I have tried downloading the new version from both GitHub and bitcoincore.org. When I run the command 'gpg2 --verify bitcoin-0.15.0.1-osx.dmg.asc bitcoin-0.15.0.1-osx.dmg', the following message is shown:

gpg: Signature made 二 9/19 20:16:05 2017 HKT
gpg:                  using RSA key 90C8019E36C2E964
gpg: BAD signature from "Wladimir J. van der lann (Bitcoin Core binary release signing key) <lannwj@gmail.com" [unkown]


Here is my asc file which is from the github.

I also tried shasum to check the md5 signature, but it works.
Could someone give me some info about 'the bad pgp signature'?



Lauda
November 04, 2017, 11:07:28 AM
 #2

Can you try doing the same for Bitcoin Core 0.14.0 and 0.15.0 just in order to see whether this issue is limited to your end or a specific version? I've sent Wladimir a message and don't have OSX myself to test on it.


cr1776
November 04, 2017, 11:35:02 AM
 #3

> Can you try doing the same for Bitcoin Core 0.14.0 and 0.15.0 just in order to see whether this issue is limited to your end or a specific version? I've sent Wladimir a message and don't have OSX myself to test on it.

I can test on OS X later today if needed. (After an outing with the kids)
Lauda
November 04, 2017, 11:58:04 AM
 #4

> > Can you try doing the same for Bitcoin Core 0.14.0 and 0.15.0 just in order to see whether this issue is limited to your end or a specific version? I've sent Wladimir a message and don't have OSX myself to test on it.
> I can test on OS X later today if needed. (After an outing with the kids)

Yes please. Post your results using the same command as OP for all three versions. This should help myself, Wladimir and anyone else looking into this.

Thanks.


ora.zhang
November 05, 2017, 06:23:25 AM
 #5

> Can you try doing the same for Bitcoin Core 0.14.0 and 0.15.0 just in order to see whether this issue is limited to your end or a specific version? I've sent Wladimir a message and don't have OSX myself to test on it.

I tried versions 0.15.0, 0.14.0 and 0.13.0; unfortunately there is a good signature found. I also tried downloading the dmg package and verifying it on a Windows PC; it also failed. Here is the asc file I used (sorry, I couldn't find a way to upload a file). Could you have a look at it, in case I did something wrong when I copied it from the SHA256SUMS.asc file?

Here is the content of the file; I used Notepad++ to create it:
wumpus
November 05, 2017, 09:04:30 AM
 #6

Where did you get those files? I think they are falsified! BE VERY CAREFUL and don't run it.

- My name is not "Wladimir J. van der lann" but "Wladimir J. van der Laan" (and my mail is not lannwj@gmail.com either)
- There is no "bitcoin-0.15.0.1-osx.dmg.asc". The only signed file in the distribution should be "SHA256SUMS.asc" which contains a list of SHA256 hashes, one for every file.

I followed the following steps on the command line to manually check the correctness of the release signing signature on 0.15.0.1:
Code:
$ wget https://bitcoin.org/bin/bitcoin-core-0.15.0.1/bitcoin-0.15.0.1-osx.dmg
$ wget https://bitcoin.org/bin/bitcoin-core-0.15.0.1/SHA256SUMS.asc
$ gpg < SHA256SUMS.asc | sha256sum -c --ignore-missing
gpg: Signature made Tue 19 Sep 2017 02:16:05 PM CEST
gpg:                using RSA key 0x90C8019E36C2E964
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>" [ultimate]
bitcoin-0.15.0.1-osx.dmg: OK

Do not run any dmg or other binary until you get an output like this.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
ora.zhang
November 05, 2017, 09:27:25 AM
 #7

> Where did you get those files? I think they are falsified! BE VERY CAREFUL and don't run it.
>
> - My name is not "Wladimir J. van der lann" but "Wladimir J. van der Laan" (and my mail is not lannwj@gmail.com either)
> - There is no "bitcoin-0.15.0.1-osx.dmg.asc". The only signed file in the distribution should be "SHA256SUMS.asc" which contains a list of SHA256 hashes, one for every file.
>
> I followed the following steps on the command line to manually check the correctness of the release signing signature on 0.15.0.1:
> Code:
> $ wget https://bitcoin.org/bin/bitcoin-core-0.15.0.1/bitcoin-0.15.0.1-osx.dmg
> $ wget https://bitcoin.org/bin/bitcoin-core-0.15.0.1/SHA256SUMS.asc
> $ gpg < SHA256SUMS.asc | sha256sum -c --ignore-missing
> gpg: Signature made Tue 19 Sep 2017 02:16:05 PM CEST
> gpg:                using RSA key 0x90C8019E36C2E964
> gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>" [ultimate]
> bitcoin-0.15.0.1-osx.dmg: OK
>
> Do not run any dmg or other binary until you get an output like this.

Thanks Wladimir. I misspelled the name and email when I posted this topic.

I ran the command in your reply and 'good signature' shows. Thanks a lot. But I'm still wondering why I failed, since normally I check PGP signatures the following way, and it works for the Electrum and Dash wallets. Would you mind giving me some hints?

Here is what I did to check the signature:
1. Download the 'bitcoin-0.15.0.1-osx.dmg' and 'SHA256SUMS.asc'.
2. 'touch bitcoin-0.15.0.1-osx.dmg.asc' file and copy the signature part from 'SHA256SUMS.asc' file.
3. Run 'gpg2 --verify bitcoin-0.15.0.1-osx.dmg.asc bitcoin-0.15.0.1-osx.dmg'.
wumpus
November 05, 2017, 10:31:10 AM
 #8

> 2. 'touch bitcoin-0.15.0.1-osx.dmg.asc' file and copy the signature part from 'SHA256SUMS.asc' file.
When you change a file, or crop part out of it, you invalidate the signature. It would be more worrying if that worked.

ora.zhang
November 06, 2017, 12:31:36 PM
 #9

> > 2. 'touch bitcoin-0.15.0.1-osx.dmg.asc' file and copy the signature part from 'SHA256SUMS.asc' file.
> When you change a file, or crop part out of it, you invalidate the signature. It would be more worrying if that worked.

Thanks a lot for your info.
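
The check wumpus describes in posts #6 and #8, written out as a script (an added example, not part of the original posts and not the Bitcoin Core project's own tooling): the signature is verified over the whole, unmodified SHA256SUMS.asc, and only the hash list recovered from it is used to check the download. The function names are hypothetical, the key ID is the one shown in the gpg output in the thread, and the release key is assumed to be already imported into the local keyring.

```shell
# Added example: verify a download against the clearsigned SHA256SUMS.asc.
# KEYID is the long key ID from the gpg output in the thread; the release key
# is assumed to be in the local keyring already. Function names are hypothetical.
KEYID=90C8019E36C2E964

# SHA-256 of a file as hex (GNU sha256sum, or shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
  else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# Step 1: check the signature over the whole, unmodified .asc file and write
# the signed hash list to $2. Succeeds only on a good signature made by KEYID.
signed_sums() {
  local status
  status=$(gpg --batch --yes --status-fd 1 --output "$2" --decrypt "$1" 2>/dev/null) || return 1
  printf '%s\n' "$status" | grep -Eq "^\[GNUPG:\] GOODSIG [0-9A-F]*${KEYID} "
}

# Step 2: compare the file's hash with its entry in the signed list.
# A file that is not listed is a failure, not something to skip.
check_listed() {
  local name want got
  name=$(basename "$2")
  want=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1 }' "$1")
  [ -n "$want" ] || { echo "$name: not in signed list" >&2; return 1; }
  got=$(sha256_of "$2")
  [ "$got" = "$want" ] || { echo "$name: hash mismatch" >&2; return 1; }
  echo "$name: OK"
}

# usage: verify_release SHA256SUMS.asc bitcoin-0.15.0.1-osx.dmg
verify_release() {
  local tmp rc
  tmp=$(mktemp) || return 1
  if signed_sums "$1" "$tmp" && check_listed "$tmp" "$2"; then rc=0; else rc=1; fi
  rm -f "$tmp"
  return "$rc"
}
```

The exit status of a plain `gpg | sha256sum -c` pipeline is that of sha256sum alone; here a missing or bad signature, or a signature from a different key, stops the check before any hash is compared.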