Add signed .asc files and public key for verification of downloads

Blockstream / green_qt

Blockstream Green App

GNU General Public License v3.0

188 stars 31 forks source link

Add signed .asc files and public key for verification of downloads #56

Closed karozagorus closed 1 week ago

karozagorus commented 3 years ago

Description

It is not enough to just verify the SHA256 of the file, we need an additional ASC file and a public key that can be easily downloaded and checked against the downloaded files to verify their originality.

domegabri commented 1 year ago

See this post in our help center on how you can download the public key from key servers and verify downloads: https://help.blockstream.com/hc/en-us/articles/900002174043-How-do-I-verify-the-Blockstream-Green-binaries-

Let us know if this works for you. Thanks.

bitcoin3us commented 2 weeks ago

Do you have any plans going forward to sign with the Blockstream key, rather than the '.it GreenAddress key', reference: "GreenAddress Team info@greenaddress.it"?

According to your website your PGP is referenced here: https://blockstream.com/pgp.txt. This key differs to the key used to sign the Blockstream Green files.

domegabri commented 1 week ago

@bitcoin3us the key to verify binaries for blockstream green is the one referenced in the guide I linked above. There is no plan to switch to the one you referenced.