• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

PGP Signature for Pasta - Expired

ourlink

Active member
Foundation Member
I just downloaded the latest Dash Wallet for Windows and did a check on the PGP signature. As you can see below the signature for Pasta has expired.

gpg: Signature made 8/17/2022 2:36:04 PM Central Daylight Time
gpg: using RSA key 29590362EC878A81FD3C202B52527BEDABE87984
gpg: Good signature from "Pasta <[email protected]>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 2959 0362 EC87 8A81 FD3C 202B 5252 7BED ABE8 7984


Someone might want to mention to him that his PGP key has expired and he should update it before posting any new software on the Dash.org site for download.
 
you can get the updated key from here: https://keybase.io/pasta

It's the same fingerprint / underlying key, just extended expiration date.

Screen Shot 2022-09-08 at 19.17.29.png
 
Both my own key and pasta's key were expired in Kleopatra. I could renew or recertify (i think i just deleted and re-added it again) my own key for indefinetely and Pasta's key ended up getting certified for 5 years (16-8-2026) in Kleopatra. I verified Pasta's key on keybase.io at the time (when v18.0.1 was just released).
Codablock i stopped recertifying, i may even delete his key completely in Kleopatra as he does not seem active anymore for Dash.

Knipsel.JPG
 
Last edited:
Awesome, I grabbed Pasta's public key and re-imported it into my Kleopatra app... All is good now!

Thanks for the fast action.
 
Both my own key and pasta's key were expired in Kleopatra. I could renew or recertify (i think i just deleted and re-added it again) my own key for indefinetely and Pasta's key ended up getting certified for 5 years (16-8-2026) in Kleopatra. I verified Pasta's key on keybase.io at the time (when v18.0.1 was just released).
Codablock i stopped recertifying, i may even delete his key completely in Kleopatra as he does not seem active anymore for Dash.

View attachment 11369

Qwizzie, where can I find your public key to import into Keopatra?
 
Qwizzie, where can I find your public key to import into Keopatra?

I am not a developer, so no need to import mine. I only use Kleopatra to verify the official Dash downloads and it needed my own (newly created) certificate to work.
Also you can further verify the downloads through Z-Zip, by comparing the CRC SHA (SHA-256) that Z-Zip provides with that of the SHA256SUMS.asc file.
Use Notepad / Notepad++ to read the SHA256SUMS.asc file properly.

Kleopatra : to verify the signing of the Dash downloads
Z-Zip : to verify the SHA256 hashes of each Dash download

The SHA256SUMS.asc file can be found here : https://github.com/dashpay/dash/releases/tag/v18.0.1

You can setup Z-Zip so that it shows the CRC SHA hashes, with just a few rightclicks on each download.

Knipsel.JPG


To those interested in using kleopatra for verifying the signing of the Dash downloads : https://www.dash.org/forum/threads/basic-guide-to-pgp-on-windows-pc-kleopatra-–-gpg4win.4086/

It is a very old guide, with the pics gone.. but still useable i think.
I am currently using Gpg4win 3.1.11 & Kleopatra 3.1.11 on Windows 10
You can associate .asc files to Kleopatra.
 
Last edited:
Back
Top