Comments (14)
from monero-wallet-generator.
What gives? Please advise.
gpg --verify monero-wallet-generator.html.asc
gpg: assuming signed data in `monero-wallet-generator.html'
gpg: Signature made Sat 04 Feb 2017 02:02:33 AM PST using RSA key ID 4D6CEFC3
gpg: Good signature from "moneromooo-monero [email protected]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 48B0 8161 FBDA DFE3 93AD FC3E 686F 0745 4D6C EFC3
from monero-wallet-generator.
My Issue is similar. The signature verifies, but I get "WARNING: This key is not certified with a trusted signature!"
Is this a security concern?
(P.S Thankyou for making this OWG!)
$ gpg --verify monero-wallet-generator.html.asc
gpg: assuming signed data in 'monero-wallet-generator.html'
gpg: Signature made Sat 04 Feb 2017 05:02:33 AM EST
gpg: using RSA key 686F07454D6CEFC3
gpg: Good signature from "moneromooo-monero [email protected]" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 48B0 8161 FBDA DFE3 93AD FC3E 686F 0745 4D6C EFC3
from monero-wallet-generator.
same here
from monero-wallet-generator.
twimcacca, blockmeister9, Tahutipai, I believe that the user doing the verifying has to use gpg to certify that the moneromooo's key is genuine/trusted. Then you won't get that message.
In other words, if you have no clue who moneromooo is, you would not want to assign ultimate trust for example.
from monero-wallet-generator.
@twincacca @blockmeister9 @Tahutipai As long as you "good signature" as you do in this line:
gpg: Good signature from "moneromooo-monero [email protected]" [unknown]
The "WARNING: This key is not certified with a trusted signature" refers only to your local "trust database". This is where you say how well you trust that the key belongs to the person in question. This isn't something necessary for this kind of use case, so as long as you see "Good signature", then you are able to use the download safely.
from monero-wallet-generator.
This is correct, those warnings are expected. As long as you get the "Good signature" message from the correct key, then you're good. Note that the correct key is determined by its fingerprint, and NOT by the email claimed, as anyone can make a key with any email attached.
from monero-wallet-generator.
Great, thankyou. May I suggest it may be beneficial to update the instructions at the bottom of the wallet generator page to include expectation of this message? Esp. for those new to the process.
As it presently stands, if a new user follows the described process verbatim, then the user receives what appears to be, but is not, an error message of concern. (especially as we are dealing with funds here)
P.S Thankyou for making this!
from monero-wallet-generator.
Good idea, I've just done this.
from monero-wallet-generator.
Hi - Total novice in this area so forgive me if I'm coming at this in the wrong way.
I'm following the same procedure as above using Git BASH for Windows to verify the signature. As above no issues with the import of the GPG key; key and address all look fine on the face of it.
My problem is that I actually get a BAD signature returned based on the latest update, even though the RSA Key ID appears to match.
Am I missing something? Or is it genuinely an issue that I am pulling up the Bad Signature?
from monero-wallet-generator.
@gravypig I haven't done it via Git BASH on Windows before. Should just need something like Kleopatra (GPG4win) and just load the file + sig in there (doesn't specifically need to be done via Git). An example of what it should look like via my linux though (pulling latest update, verifying signature, and then giving you the sha256sum to verify another way):
:: [stephen@laptop] ~/projects/monero-wallet-generator [git:master]
$ git pull
remote: Counting objects: 10, done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 10 (delta 3), reused 10 (delta 3), pack-reused 0
Unpacking objects: 100% (10/10), done.
From https://github.com/moneromooo-monero/monero-wallet-generator
c04a4e8..da2e7d9 master -> origin/master
Updating c04a4e8..da2e7d9
Fast-forward
monero-wallet-generator.html | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
monero-wallet-generator.html.asc | 27 +++++++++++++--------------
2 files changed, 73 insertions(+), 17 deletions(-)
:: [stephen@laptop] ~/projects/monero-wallet-generator [git:master]
$ gpg --verify monero-wallet-generator.html{.asc,}
gpg: Signature made Mon 18 Sep 2017 20:10:30 ACST
gpg: using RSA key 686F07454D6CEFC3
gpg: Good signature from "moneromooo-monero <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 48B0 8161 FBDA DFE3 93AD FC3E 686F 0745 4D6C EFC3
:: [stephen@laptop] ~/projects/monero-wallet-generator [git:master]
$ sha256sum monero-wallet-generator.html
c4d7725e88d583e472f3ea3d93ea1f5a9d60abb4155258eb21ebcf6e9760670b monero-wallet-generator.html
from monero-wallet-generator.
Thanks for the quick reply @stevesbrain - I tried GPG4WIN before moving on to GitBASH, but it didn't seem to recognise the signature file at all so in the end I abandoned the attempt.
As it happens since yesterday I have managed to kind of figure out my problem - I wasn't downloading all the original files direct from the github (specifically the html file).
Previously I was saving the wallet generator html file direct from the following web address -https://moneroaddress.org - and then downloading the signature file from github, which was then returning a BAD signature.
I can only assume someone has taken an early version and dropped it in there, but not updated it to the latest version so now the signatures dont match. Either that or its not legit...
Anyway, all sorted now, thanks again much appreciated!
from monero-wallet-generator.
@gravypig No worries - glad you got it all sorted :) Likely the moneroaddress.org link hasn't been updated with the latest file. You could probably grab an old signature from github to check it against if you were curious to see if indeed it wasn't legit!
from monero-wallet-generator.
Hi, You do not need to run gpg as root. The filename must be the same as the asc file, minus the ".asc". The file must be saved EXACTLY. No extra newlines, no Windows CR/LR changes, etc.
…
Thank you! The CR/LR changes by git on Windows may have been causing issues in my case, which I solved by downloading the code .zip file instead of using git clone https://github.com/moneromooo-monero/monero-wallet-generator
from monero-wallet-generator.
Related Issues (17)
- Setting a prefix fails generation HOT 3
- print friendly version like bitcoinwallets HOT 7
- Electroneum HOT 1
- License Clarification HOT 1
- Add moneroaddress.org to the repo description HOT 3
- Custom Prefix HOT 1
- Add License HOT 1
- Do you have exact same stuff but only for JS? HOT 1
- AEON restore from seed no loner works* HOT 3
- Generating send, view and public key from seed ? HOT 1
- Security - Custom entropy defets the purpose of menmonic seed HOT 8
- Is moneroaddress.org down? HOT 3
- Add information how to spend monero HOT 1
- Long term storage? HOT 1
- Getting Tx Private Key from moneroaddress.org HOT 1
- Add ability to type in your mnemonic seed HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from monero-wallet-generator.