From c5c1bb95b3052b9f6fa182f5eafda5cb1e90556f Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Sun, 21 Jun 2015 12:48:48 +0100 Subject: [PATCH] Add GPG instructions, and generally rearrange text --- monero-wallet-generator.html | 103 ++++++++++++++++++++++++++++++----- 1 file changed, 89 insertions(+), 14 deletions(-) diff --git a/monero-wallet-generator.html b/monero-wallet-generator.html index 58e8718..d615a87 100644 --- a/monero-wallet-generator.html +++ b/monero-wallet-generator.html @@ -3593,6 +3593,11 @@ that is not connected to the network, and may even never be. This way, you can c a Monero wallet without risking the keys.

+This file is GPG signed, see GPG instructions. +You can check for up to date versions of this page +here. +

+

The public address is the address you give third parties to send monero to you. It is the only information here that's meant to be public.

@@ -3614,7 +3619,7 @@ This is your new Monero wallet:

- +
@@ -3655,29 +3660,99 @@ This is your new Monero wallet:
-

-All released versions of this page will be GPG signed by moneromooo, to avoid trojaned versions -being passed around. It is in your interest to check the signature. -
-moneromooo's GPG key -can be found in the Monero source tree. -
-You can check for up to date versions of this page -here. -

- -
-

Made by moneromooo, based on code from MyMonero. Copyright notices in the source.
If you found this useful, a donation would be appreciated:
+

Public address generating...
+
4AfUP827TeRZ1cck3tZThgZbRCEwBrpcJTkA1LCiyFVuMH4b5y59bKMZHGb9y58K3gSjWDCBsB4RkGsGDhsmMG5R2qmbLeW +

Thanks, and welcome to Monero!

+
+ + +

How to verify GPG signatures

+ +

+All released versions of this page will be GPG signed by moneromooo, to avoid trojaned versions +being passed around. It is in your interest to check the signature. +

+

+This page is maintained as a +git repository. +All commits are signed. In addition, released versions of the page are signed separately. +In order to check either, you first need to import +moneromooo's GPG key +from the Monero source tree: +

+ + +gpg --import moneromooo.asc + + +

Checking a standalone signature

+ +

+You need to get the signature file corresponding to the version of the page you're using. +Original signature files are +in the git repository +as well. Save it as monero-wallet-generator.html.asc, then: +

+ + +gpg --verify monero-wallet-generator.html.asc + + +

+You should see a message similar to: +

+ + +gpg: Good signature from "moneromooo-monero <moneromooo-monero@users.noreply.github.com>" + + +

+Check the signature is from the key you imported previously! If not, you may be checking +that file was properly signed by an attacker instead of moneromooo. Beware that anyone can +place any email address in a new GPG key, so the right email being shown is no guarantee. +

+ +

+If you want to verify an old version of the file, you will have to retrieve the matching +signature file from git. +

+ +

Checking a git commit's signature

+ +

+If you're using git to get the latest and greatest, it's even simpler: +

+ + +git show --show-signature + + +

+You should see a message similar to: +

+ + +gpg: Good signature from "moneromooo-monero <moneromooo-monero@users.noreply.github.com>" + + +

+Check the signature is from the key you imported previously! If not, you may be checking +that file was properly signed by an attacker instead of moneromooo. Beware that anyone can +place any email address in a new GPG key, so the right email being shown is no guarantee. +

+ +
+