1
Usually I am able to verify signatures using the verify option in GPG, but this doesn't work when attempting to verify the Litecoin Core client DMG.
For example:
$ gpg --verify litecoin-0.14.2-osx.dmg.asc litecoin-0.14.2-osx.dmg
gpg: Signature made Mon Jul 31 14:44:45 2017 PDT
gpg: using RSA key FE3348877809386C
gpg: Can't check signature: No public key
I am using the GPG 2.2.3 install from Homebrew.
2
Here is what I did to get this to work
Copy the public key (found here) to a file. I called it litecoin.public.key.
Then run the following commands:
gpg --import litecoin.public.key
gpg --verify litecoin-0.14.2-osx.dmg.asc litecoin-0.14.2-osx.dmg
This is the output that I got
gpg: Signature made Mon Jul 31 17:44:45 2017 EDT
gpg: using RSA key FE3348877809386C
gpg: Good signature from "Adrian Gallagher <thrasher@addictionsoftware.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 59CA F0E9 6F23 F537 4794 5FD4 FE33 4887 7809 386C
0
You need to download and import their PGP key. There is a link to it on litecoin.org's download page. You can also get it directly from a keyserver
I have already downloaded the key, as I was able to run
--verifyon the .asc file. When trying the--importoption, I get$ gpg --import litecoin-0.14.2-osx.dmg.asc; gpg: no valid OpenPGP data found.; gpg: Total number processed: 0– nipponese – 2017-12-13T18:29:45.813