Author: Mike Hearn 2014-03-22 17:03:03
Published on: 2014-03-22T17:03:03+00:00
Those who use PGP to verify Bitcoin downloads have been warned to make sure they are using the right key. It appears that someone is creating fake PGP keys to sign popular pieces of crypto software, possibly to make a MITM attack seem more legitimate. The Mac DMGs of Core are signed for Gatekeeper; however, it is not clear whether the Windows binaries are code-signed as well. Gavin Andresen suggests that this would be a good idea, as AV scanners learn key reputations to reduce false positives. Linux, unfortunately, does not support X.509 code signing. Extra signing can't hurt and may offer additional protection.
Updated on: 2023-06-08T15:40:59.729098+00:00