2

I downloaded the Bitcoin Core v0.20.0 from https://bitcoin.org/en/download

To verify, I first imported the signing key at https://bitcoin.org/laanwj-releases.asc and then ran command:

gpg --import laanwj-releases.asc

Then I downloaded the release signatures from https://bitcoin.org/bin/bitcoin-core-0.20.0/SHA256SUMS.asc and to verify I ran command:

gpg --verify SHA256SUMS.asc

Output was:

gpg:                using RSA key 90C8019E36C2E964
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964

Now, it says "Good signature" but the next two lines are WARNING: This key is not certified with a trusted signature! There is no indication that the signature belongs to the owner.

What did I accomplish then, till this point?

I also tried running gpg --verify SHA256SUMS.asc bitcoin-0.20.0-win64-setup.exe but got gpg: not a detached signature as the output.

Not sure if I was able to verify it correctly or not. I was stupidly quick enough to actually run the installer after noticing "Good signature" in output and matching the Primary key fingerprint on the webpage and it matched. Please explain what's going on here.

Also how does this signing even verify the integrity of the downloaded file when the malicious actor can also modify the file at https://bitcoin.org/laanwj-releases.asc ?

Thank you!

Ashfame
  • 179
  • 10

1 Answers1

0

GnuPG is telling you that the signature corresponds to that public key (your file has a valid signature and wasn't tampered with in transit), but that it doesn't know if that public key is trustworthy.

If you trust your friendly neighborhood CA, then do the following:

gpg --lsign-key 01EA5486DE18A882D4C2684590C8019E36C2E964

then enter your private key password to locally certify the key.

If you don't trust the CA (good on you for being suspicious), ask someone you know who you do trust for the key fingerprint. If that key fingerprint matches what you imported, then you can run that command. If it doesn't, then something is up.

Expectator
  • 192
  • 6
  • Without understanding what did I achieve with my steps and what does your instructions aim to cover beyond that, its hard to get a grasp on it. Could you elaborate your answer? Perhaps start with to what degree the downloaded file can be considered as verified. – Ashfame Jun 14 '20 at 21:34
  • The command tells GnuPG that "The Bitcoin developer's signing key is trustworthy, reflect that fact the next time a signature is verified". The file you downloaded has already been signed by the website using TLS (so it's verified), but the PGP signature is just extra protection. The issue is that you have to trust that the key they listed is actually their key and not some impostor. You are right in your last sentence of the question: If bitcoin.org is hacked, the attacker can tamper with the key. This is why you should ask someone you trust for the fingerprint, for extra protection. – Expectator Jun 14 '20 at 22:09
  • Right, but wasn't that the exact purpose of PGP keys? Being able to verify even if the website is compromised, otherwise this works just like verifying by the hash of the file, which an attacker can easily change if managed to get access to hosting of the website. – Ashfame Jun 14 '20 at 22:39
  • The purpose of PGP is that it allows you to verify files out-of-band, but you still have to trust the key. A PGP key is identical to an X.509 certificate in nearly every way except the trust model. Unless you ask someone you trust either in person or using already trusted keys, there is no way of telling whether or not the key is trustworthy. You can build this trust by joining a Web of Trust, which requires events like keysigning parties. Unless you're extremely paranoid about the safety of the binary you downloaded, it's probably safe. PGP doesn't add extra safety unless you join a WoT. – Expectator Jun 14 '20 at 23:54
  • Makes sense, thanks so much for explaining! Could you confirm `gpg --verify SHA256SUMS.asc` was sufficient to verify the SHA256hash of the file listed in it `0f1ea61a9aa9aba383a43bcdb5755b072cfff016b9c6bb0afa772a8685bcf7b0 bitcoin-0.20.0-win64-setup.exe` is accurate without me having to specify the file itself that I am trying to verify? I fear it could have just validated the signature and not the hash of the file by hashing the concerned file by locating it. – Ashfame Jun 15 '20 at 07:09
  • If you verify the file with the list of hashes, that means that the hashes are trustworthy, not the file itself. You have to do another step. If the files you downloaded hashes to one of these already verified hashes, then the file is also valid. Run `sha256sum bitcoin-0.20.0-win64-setup.exe` and see if the hash matches. If that doesn't work, use `CertUtil -hashfile bitcoin-0.20.0-win64-setup.exe sha256`. The reason why one would elect to sign a list of hashes is for convenience; only one signature file needs to be made, not one for every file. – Expectator Jun 15 '20 at 14:50
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/109395/discussion-between-expectator-and-ashfame). – Expectator Jun 15 '20 at 15:41