Open cdoubleu opened 3 years ago
@ManusMcCole @miorsufianiohk @gabriela-ponce can you please assist us here and explain what is the expected result?
Hi @cdoubleu.
I hope that you are well and thank you for contacting us. Could I check that what you saw was similar to the following:
If it is, then the signature is ours, has been verified and can be trusted.
The reason why the expected behaviour on Step 7 is different than what you saw was due to the fact that we are using a 3rd party software "GPG Suite" to verify signatures. Any updates/changes on the 3rd party software is beyond our control. Unfortunately, the expected behaviour on Step 7 is expecting users to use the old version of "GPG Suite".
Therefore, I'd suggest that we update the instruction to reflect "GPG Suite" new behaviour cc: @nikolaglumac
In the meantime, let us know please if we have solved your issue @cdoubleu. Thank you.
OK I will notify the web team! Thanks!
Hi @cdoubleu.
I hope that you are well and thank you for contacting us. Could I check that what you saw was similar to the following:
If it is, then the signature is ours, has been verified and can be trusted.
The reason why the expected behaviour on Step 7 is different than what you saw was due to the fact that we are using a 3rd party software "GPG Suite" to verify signatures. Any updates/changes on the 3rd party software is beyond our control. Unfortunately, the expected behaviour on Step 7 is expecting users to use the old version of "GPG Suite".
Therefore, I'd suggest that we update the instruction to reflect "GPG Suite" new behaviour cc: @nikolaglumac
In the meantime, let us know please if we have solved your issue @cdoubleu. Thank you.
It's close to what I saw. Same dialogue, but the messaging that I received is not the same. Here's what I received.
Trusted signature IOHK Signing Authority signing.authority@iohk.io 9F98 40B5 0AE5 39A2 732C F646 C131 557F 1471 941A
The part that has me concerned is the trust level. i.e. "Trusted Signature" vs what you show "Fully Trusted Signature" with the additional "This signature can be trusted" at the bottom.
Can I trust the result I received from verifying the signature?
Hi @cdoubleu ,
I hope that you are well and thank you for contacting us again.
I have conducted some investigation and found out that the reason why you received different dialog was because you had the latest version of GPG Services (Version 2.1), whereas the one that I used before was GPG Services (Version 2.0). Upon upgrading to GPG Services (2.1), I received exactly the same dialog as yours (please see screenshot).
Therefore, if the above dialog matches what you received, rest assured that the signature has been verified as genuine.
I hope this helps. Should you need any further assistance please do not hesitate to contact us again. cc: @nikolaglumac
Kind regards, Mior
@miorsufianiohk Thank you for tracking this down. I'll continue my installation.
I'd like to point you to a discussion that I found on the Cardano forums. It might be a good idea to check in there and let other users know of this issue.
https://forum.cardano.org/t/daedalus-wallet-catalyst-pgp-signature-verification/44925/19
Cheers,
cdoubleu
Hi @cdoubleu,
I hope that you are well.
Thank you for the reply and I am glad that we managed to help you out. Thank you also for letting us know about the forum discussion. I believe the forum and the instruction page are currently being dealt with.
In the meantime, if you require further assistance please do not hesitate to contact us again. cc: @nikolaglumac
Kind regards, Mior
Not sure if this is the right forum for this issue, but here goes... I've been following the instructions on https://daedaluswallet.io/en/download/ to download and install the Daedalus Wallet.
After clicking the "Verify Signature Instructions" link, I've been able to follow all of the steps up to step 7.
In step 7 it states... The Verification Results dialog will then appear with the verdict in the Result column:
In the results dialog that I see...
Does this mean that the signature for the downloaded pkg file has been verified?