Bitcoin-Core

知道為什麼比特幣核心簽名不受信任嗎?

  • July 14, 2020

它應該是一個受信任的簽名,對吧?我正在從 bitcoin.org 下載比特幣核心

gpg --import laanwj-releases.asc
gpg: key 90C8019E36C2E964: 51 firmas no comprobadas por falta de claves
gpg: clave 90C8019E36C2E964: "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>" sin cambios
gpg: Cantidad total procesada: 1
gpg:              sin cambios: 1

sha256sum --check SHA256SUMS.asc
sha256sum: bitcoin-0.20.0-aarch64-linux-gnu.tar.gz: No such file or directory
bitcoin-0.20.0-aarch64-linux-gnu.tar.gz: FAILED open or read
sha256sum: bitcoin-0.20.0-arm-linux-gnueabihf.tar.gz: No such file or directory
bitcoin-0.20.0-arm-linux-gnueabihf.tar.gz: FAILED open or read
sha256sum: bitcoin-0.20.0-osx64.tar.gz: No such file or directory
bitcoin-0.20.0-osx64.tar.gz: FAILED open or read
sha256sum: bitcoin-0.20.0-osx.dmg: No such file or directory
bitcoin-0.20.0-osx.dmg: FAILED open or read
sha256sum: bitcoin-0.20.0-riscv64-linux-gnu.tar.gz: No such file or directory
bitcoin-0.20.0-riscv64-linux-gnu.tar.gz: FAILED open or read
sha256sum: bitcoin-0.20.0.tar.gz: No such file or directory
bitcoin-0.20.0.tar.gz: FAILED open or read
sha256sum: bitcoin-0.20.0-win64-setup.exe: No such file or directory
bitcoin-0.20.0-win64-setup.exe: FAILED open or read
sha256sum: bitcoin-0.20.0-win64.zip: No such file or directory
bitcoin-0.20.0-win64.zip: FAILED open or read
sha256sum: bitcoin-0.20.0-x86_64-linux-gnu.tar.gz: No such file or directory
bitcoin-0.20.0-x86_64-linux-gnu.tar.gz: FAILED open or read
sha256sum: WARNING: 20 lines are improperly formatted
sha256sum: WARNING: 9 listed files could not be read

gpg --verify SHA256SUMS.asc
gpg: Firmado el mié  3 jun 10:59:52 2020 WEST
gpg:                usando RSA clave 90C8019E36C2E964
gpg: Firma correcta de "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>" [desconocido]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964

導入密鑰時,您可以將其標記為受信任。通常,您會在與密鑰的所有者會面並驗證他們實際控制密鑰之後執行此操作,例如在CryptoParty 上。由於每個使用者親自驗證每個其他使用者是不可行的,因此 PGP/GPG 利用“信任網路”在密鑰之間建立連接。例如,Alice 遇到了 Bob,並且信任 Bob 的密鑰。Bob 已經簽署了 Carol 的密鑰,因此 Alice 在某種程度上信任 Carol 的密鑰。這種方法的可靠性和假設存在一些問題,但這就是它的工作原理。

不管怎樣,GPG 在這裡告訴你的是,你下載的包確實是由你檢查的密鑰簽名的,但它警告你沒有驗證簽名密鑰的真實性。

引用自:https://bitcoin.stackexchange.com/questions/97002