PGP Signature for Pasta - Expired

ourlink

Well-known Member
Foundation Member
Jun 9, 2014
240
66
188
Heartland, USA
www.p2poolmining.us
I just downloaded the latest Dash Wallet for Windows and did a check on the PGP signature. As you can see below the signature for Pasta has expired.

gpg: Signature made 8/17/2022 2:36:04 PM Central Daylight Time
gpg: using RSA key 29590362EC878A81FD3C202B52527BEDABE87984
gpg: Good signature from "Pasta <[email protected]>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 2959 0362 EC87 8A81 FD3C 202B 5252 7BED ABE8 7984


Someone might want to mention to him that his PGP key has expired and he should update it before posting any new software on the Dash.org site for download.
 

qwizzie

Grizzled Member
Aug 6, 2014
2,012
1,182
1,183
Both my own key and pasta's key were expired in Kleopatra. I could renew or recertify (i think i just deleted and re-added it again) my own key for indefinetely and Pasta's key ended up getting certified for 5 years (16-8-2026) in Kleopatra. I verified Pasta's key on keybase.io at the time (when v18.0.1 was just released).
Codablock i stopped recertifying, i may even delete his key completely in Kleopatra as he does not seem active anymore for Dash.

Knipsel.JPG
 
Last edited:

ourlink

Well-known Member
Foundation Member
Jun 9, 2014
240
66
188
Heartland, USA
www.p2poolmining.us
Both my own key and pasta's key were expired in Kleopatra. I could renew or recertify (i think i just deleted and re-added it again) my own key for indefinetely and Pasta's key ended up getting certified for 5 years (16-8-2026) in Kleopatra. I verified Pasta's key on keybase.io at the time (when v18.0.1 was just released).
Codablock i stopped recertifying, i may even delete his key completely in Kleopatra as he does not seem active anymore for Dash.

View attachment 11369
Qwizzie, where can I find your public key to import into Keopatra?
 

qwizzie

Grizzled Member
Aug 6, 2014
2,012
1,182
1,183
Qwizzie, where can I find your public key to import into Keopatra?
I am not a developer, so no need to import mine. I only use Kleopatra to verify the official Dash downloads and it needed my own (newly created) certificate to work.
Also you can further verify the downloads through Z-Zip, by comparing the CRC SHA (SHA-256) that Z-Zip provides with that of the SHA256SUMS.asc file.
Use Notepad / Notepad++ to read the SHA256SUMS.asc file properly.

Kleopatra : to verify the signing of the Dash downloads
Z-Zip : to verify the SHA256 hashes of each Dash download

The SHA256SUMS.asc file can be found here : https://github.com/dashpay/dash/releases/tag/v18.0.1

You can setup Z-Zip so that it shows the CRC SHA hashes, with just a few rightclicks on each download.

Knipsel.JPG


To those interested in using kleopatra for verifying the signing of the Dash downloads : https://www.dash.org/forum/threads/basic-guide-to-pgp-on-windows-pc-kleopatra-–-gpg4win.4086/

It is a very old guide, with the pics gone.. but still useable i think.
I am currently using Gpg4win 3.1.11 & Kleopatra 3.1.11 on Windows 10
You can associate .asc files to Kleopatra.
 
Last edited: