GPG verification should be sufficient and the hashes are redundant and prevent smooth upgrades (the script must be changed). They only provide protection against the signer of the software being compromised.
If the protection against signer compromise is desired, multisig might be implemented instead.
The latest PR from @openoms is now using the manifest file for the hashes - see:
https://github.com/rootzoll/raspiblitz/pull/696/files
As the LND documentation advises, the manifest file with the hashes is the only one signed and gets checked against the GPG keys: https://github.com/LightningNetwork/lnd/releases
For bitcoin-core we could also get rid of the extra static hash values in the build_script - that's something to consider.
Yes, Bitcoin core is the one I had in mind.
With the update to bitcoin core 0.18.1 I changed it so that the hash values get grepped from the signature-checked asc file. Will be part of the v1.3 release.
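The flow discussed in this thread (verify the signed manifest, then take the download's hash from it instead of a static value in the script), as an added sketch that is not the raspiblitz build script. The function names are hypothetical, the pinned fingerprint is supplied by the caller, and the hash is read from the body gpg writes out after verification, since only that text is covered by the signature.

```bash
#!/bin/sh
# Added example; names are hypothetical, not taken from the raspiblitz scripts.

# Write the signed body of a clearsigned manifest ($1) to $2, but only when the
# signature is valid and was made by the pinned fingerprint $3 (hex, no spaces).
extract_signed_manifest() {
  local asc="$1" out="$2" fpr="$3" status
  # --status-fd 1 gives machine-readable results; the verified body goes to $out
  status="$(gpg --batch --yes --status-fd 1 --output "$out" --decrypt "$asc" 2>/dev/null)" \
    || { rm -f "$out"; return 1; }
  # A valid signature from an unexpected key is still a failure
  if ! printf '%s\n' "$status" | grep -q "^\[GNUPG:\] VALIDSIG .*${fpr}"; then
    rm -f "$out"
    return 1
  fi
}

# Check a downloaded file ($2) against its entry in the verified manifest ($1).
# Manifest lines use sha256sum format: "<64 hex>  <filename>".
# Returns 0 on match, 1 on mismatch, 2 when there is no single usable entry.
check_against_manifest() {
  local manifest="$1" file="$2" name expected actual
  name="$(basename "$file")"
  # Exact match on the filename field; accept exactly one entry, never a substring hit
  expected="$(awk -v n="$name" '($2 == n || $2 == "*" n) { h = $1; c++ }
                                END { if (c == 1) print h }' "$manifest")"
  printf '%s\n' "$expected" | grep -Eqx '[0-9a-f]{64}' || return 2
  actual="$(sha256sum "$file" | cut -d' ' -f1)"
  [ "$actual" = "$expected" ]
}
```

With this layout a version bump only changes the download URL and file name; the pinned signer fingerprint stays the same.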