Bitcoin.org gpg keys expired?

security - Bitcoin.org gpg keys expired? - Bitcoin Stack Exchange

Bitcoin Stack Exchange is a question and answer site for Bitcoin crypto-currency enthusiasts. It only takes a minute to sign up.

Anybody can ask a question

Anybody can answer

The best answers are voted up and rise to the top

Ask Question

Asked 2 days ago

Active yesterday

Viewed 40 times

I was trying to add the keys to a keyring to verify the bitcoin core download, but it looks like the gpg keys are all expired.

New contributor

The home website for Bitcoin Core says

Refresh expired keys using:
gpg --keyserver hkps://keys.openpgp.org --refresh-keys

I would obtain Bitcoin Core from that bitcoincore.org website and not from bitcoin.org.

For signature checking to be more meaningful as a check on authorship or correctness rather than merely a checksum of download integrity, it is probably important to obtain your GPG public keys from a source that is as independent as possible from the website from which you download the source or binaries. Otherwise you could download doctored code and faked signatures & keys from a hacked or impostor website. This independence appears to be the case with software from bitcoincore.org and keys from openpgp.org or elsewhere (if I understand correctly).

You are correct that bitcoin.org currently (2022-02-17) has old expired keys.

After visiting https://bitcoin.org/en/download and clicking "Bitcoin Core Release Signing Keys" v0.11.0+ I also see an expired key.

C> gpg --import laanwj-releases.asc
gpg: key 36C2E964: public key "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: no ultimately trusted keys found
C> gpg --list-keys
----------------------------------------------
pub 4096R/36C2E964 2015-06-24 [expired: 2022-02-10]
uid Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>

	The Riveting World of Bombay Club
	SOCIAL GOOD 100$ free sign up bonus + 100% Cashback on daily purchases
	Ethereum Expected to Thrive in 2023
	How To Get Started On Cryptocurrency Gaming
	5 Important Features of White Label NFT Marketplace
	How to get started with crypto gambling
	Best 7 Web3 Apps That Pay You Crypto
	6 Must-Have Tools For Crypto Traders
	Can Ethereum 2.0 Be Converted to Cash?
	Cryptocurrency in Gambling: Features and Benefits
	What are the Core Facets of a Successful Cryptocurrency?
	Cost to Develop Your Own Cryptocurrency Website
	EgldRush - The best Elrond NFT project Farming, Staking, Rewarding
	Choosing a Safe Cryptocurrency Exchange 2022
	Let's Talk About Security in Crypto

Bitcoin.org gpg keys expired?

Comments

Categories

Tags

Subscribe

Related Posts

Comments