π
Original date posted:2014-03-22
π Original message:Am 22.03.2014 18:03, schrieb Mike Hearn:
> In case you didn't see this yet,
>
> http://gavintech.blogspot.ch/2014/03/it-aint-me-ive-got-pgp-imposter.html
>
> If you're using PGP to verify Bitcoin downloads, it's very important
> that you check you are using the right key. Someone seems to be creating
> fake PGP keys that are used to sign popular pieces of crypto software,
> probably to make a MITM attack (e.g. from an intelligence agency) seem
> more legitimate.
>From the user's perspective: In the beginning I found it difficult to
find the keys. At last I have made this side for documentation:
https://www.olivere.de/blog/archives/2013/06/02/install_bitcoin_client/
Okay, is outdated meanwhile ...
Normally people fetch the keys by key-id from a well known key server.
Not because they are paranoid, but because it is the most convenient
method under Linux.
A Google search for Gavin+Andresen+gpg brings me herein:
http://sourceforge.net/p/bitcoin/mailman/message/30551147/
Key-Id?
Nevertheless, I'm glad that you guys signed anything. That makes me
sleep better. I really check this.
- oliver
GPG: https://olivere.de/gpg
Oliver Egginger [ARCHIVE] /
npub182β¦nlkws
2023-06-07 15:16:02
in reply to nevent1qβ¦gte7
Author Public Key
npub182pe36hcvp2va069x068fcqt7w38fhdhrfkmhxdnlqausddvmucq3nlkwsPublished at
2023-06-07 15:16:02Event JSON
{
"id": "960cd3a2b290b7fff1ce01d780d21f2d3edc7d87ee790dcb3f73727c69348849",
"pubkey": "3a8398eaf86054cebf4533f474e00bf3a274ddb71a6dbb99b3f83bc835acdf30",
"created_at": 1686150962,
"kind": 1,
"tags": [
[
"e",
"11b062e07d71031e2a0a56717c23f94d417b0aad6e8d87b9b6991898d559b008",
"",
"root"
],
[
"e",
"d92563a30209dfe5f30462c72bd2e046ae099bd0385385f3af2fff8590189062",
"",
"reply"
],
[
"p",
"daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa"
]
],
"content": "π
Original date posted:2014-03-22\nπ Original message:Am 22.03.2014 18:03, schrieb Mike Hearn:\n\u003e In case you didn't see this yet,\n\u003e \n\u003e http://gavintech.blogspot.ch/2014/03/it-aint-me-ive-got-pgp-imposter.html\n\u003e \n\u003e If you're using PGP to verify Bitcoin downloads, it's very important\n\u003e that you check you are using the right key. Someone seems to be creating\n\u003e fake PGP keys that are used to sign popular pieces of crypto software,\n\u003e probably to make a MITM attack (e.g. from an intelligence agency) seem\n\u003e more legitimate.\n\n\u003eFrom the user's perspective: In the beginning I found it difficult to\nfind the keys. At last I have made this side for documentation:\n\nhttps://www.olivere.de/blog/archives/2013/06/02/install_bitcoin_client/\n\nOkay, is outdated meanwhile ...\n\nNormally people fetch the keys by key-id from a well known key server.\nNot because they are paranoid, but because it is the most convenient\nmethod under Linux.\n\nA Google search for Gavin+Andresen+gpg brings me herein:\n\nhttp://sourceforge.net/p/bitcoin/mailman/message/30551147/\n\nKey-Id?\n\nNevertheless, I'm glad that you guys signed anything. That makes me\nsleep better. I really check this.\n\n- oliver\n\nGPG: https://olivere.de/gpg",
"sig": "54c4dc3ec1f9845d0f608503a4f7f083959e02e4d4a41f7b5f576f07e231b3456406cfb8451e00b34a161e09955c2de2f3c9de937012c19a1f1eaa3cf4f9ff37"
}