pooler
Expired gpg Key used to sign wallet
Problem
The Latest Release 4.2.2.1 (electrum-ltc-4.2.2.1.dmg) is signed with a key, which already expired in January:
$ gpg --keyserver keyserver.ubuntu.com --recv-keys 0x6fc4c9f7f1be8fea 0xfe3348877809386c 0x3b2a6315cd51a673
gpg: key 3B2A6315CD51A673: "Loshan T (A.K.A. losh11) <[email protected]>" not changed
gpg: key FE3348877809386C: public key "Adrian Gallagher <[email protected]>" imported
gpg: key 6FC4C9F7F1BE8FEA: public key "pooler <[email protected]>" imported
gpg: Total number processed: 3
gpg: imported: 2
gpg: unchanged: 1
$ gpg --list-keys Loshan
pub rsa4096 2016-01-09 [SC] [expired: 2022-01-16]
C0921846FED0BF4CF28BE1D73B2A6315CD51A673
uid [ expired] Loshan T (A.K.A. losh11) <[email protected]>
Solution
Please sign again with a valid key.
As far as I can tell that key is valid until 2026.
$ gpg --list-keys Loshan
pub rsa4096 2016-01-09 [SC] [expires: 2026-01-09]
C0921846FED0BF4CF28BE1D73B2A6315CD51A673
uid [ unknown] Loshan T (A.K.A. losh11) <[email protected]>
It looks like the key was already present in your keyring. Have you tried running gpg --refresh-keys?
Strange ... I tried to refresh but the key is still the same:
$ gpg --refresh-keys
gpg: refreshing 74 keys from hkps://keys.openpgp.org
...
gpg: key 3B2A6315CD51A673: "Loshan T (A.K.A. losh11) <[email protected]>" not changed
...
gpg: Total number processed: 73
gpg: unchanged: 66
gpg: new user IDs: 3
gpg: new signatures: 15
$ gpg --refresh-keys Loshan
gpg: refreshing 1 key from hkps://keys.openpgp.org
gpg: key 3B2A6315CD51A673: "Loshan T (A.K.A. losh11) <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
I though I have somewhere seen, that you are using the ubuntu-keyserver. So I tried again explicitly setting that server:
$ gpg --refresh-keys --keyserver keyserver.ubuntu.com Loshan
gpg: refreshing 1 key from hkp://keyserver.ubuntu.com
gpg: key 3B2A6315CD51A673: "Loshan T (A.K.A. losh11) <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
But that as well did not update the key:
$ gpg --list-keys Loshan
pub rsa4096 2016-01-09 [SC] [expired: 2022-01-16]
C0921846FED0BF4CF28BE1D73B2A6315CD51A673
uid [ expired] Loshan T (A.K.A. losh11) <[email protected]>
Any idea, what happens here?
OK, maybe try removing the key and then fetching it again?
$ gpg --delete-key 0x3b2a6315cd51a673
$ gpg --recv-keys 0x3b2a6315cd51a673
Unfortunately that does not change the situation:
$ gpg --delete-key 0x3b2a6315cd51a673
gpg (GnuPG/MacGPG2) 2.2.34; Copyright (C) 2022 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub rsa4096/3B2A6315CD51A673 2016-01-09 Loshan T (A.K.A. losh11) <[email protected]>
Delete this key from the keyring? (y/N) y
$ gpg --recv-keys 0x3b2a6315cd51a673
gpg: key 3B2A6315CD51A673: public key "Loshan T (A.K.A. losh11) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
$ gpg --list-keys Loshan
pub rsa4096 2016-01-09 [SC] [expired: 2022-01-16]
C0921846FED0BF4CF28BE1D73B2A6315CD51A673
uid [ expired] Loshan T (A.K.A. losh11) <[email protected]>
Am I the only one who experiences this problem or am I the only one who cares about expired keys? :-)
@ilsd This key is still valid, I believe you may have changed your local gpg configuration. Here's a screenshot from the Ubuntu keyserver:
As you can see I renewed my GPG key prior to expiry in 2017.
