Attempting to verify downloaded copy of Daedalus with GPG

Everything went according to the directions on the daedalus wallet site (linked from cardano. org) up until importing the IOHK key.

Import the IOHK key:

  • File → Lookup on Server
  • Allow network access to ‘dirmngr’, if the prompt arises
  • Search for signing. authority @iohk. io

Nothing is found for signing. authority @iohk. io. Per past posts, I followed suggestions to allow an app through the firewall (Kleopatra) but that didn’t help. There is no prompt to allow network access to ‘dirmngr’ and I can’t find this anywhere else.

This is where I run out of ideas. What else can I try to find the signing. authority @iohk. io or is there something else I should be doing?

(PS I have put extra spaces because of the link limitations, I am searching for these without the spaces.)

1 Like

What operating system is this on? The exact details of how this is done will likely be a little different depending on whether you are on Windows, Mac or Linux.

It’s on Windows.

I know almost nothing about Windows, so hopefully someone else can answer.

Hello @mycoldbeer

Prompt may or may not appear. Either way is fine. If it does appear click “Allow” if it doesn’t then it’s all good already.

In Kleopatra :
make sure you have ‘All Certificates’ selected in Certificate menu(not just My Certificates)

Then HOLD shift+ctrl then press i
Copy and paste signing.authority@iohk.io in the search bar.

If the search bar just flickers, then it’s already in the list. Check the list:
KleoList
It will look like this:
iohkList

If it’s there just continue with the steps from Daedalus page.

If the search bar ‘grays’ out for too long, then you may have internet connection issues or you may need to update Kleopatra. Click ‘Help’ tab and select ‘Check For Updates’

Also, it may not work with some VPNs since they use third party access that may have firewall.

Thanks for your reply.

I went ahead and tried that - I did and do have all certificates selected. I went about the search as suggested. There’s nothing in the search results, and it isn’t greyed out after about a minute or so of searching. The version I am running is from June 11 2021 but I checked for updates anyway, and ther are none available.

This is just my home internet and there’s no VPN.

Any other ideas?

Besides search results box, did you check the list on the main screen. Sometimes search comes up empty if certificate is already there. It should be listed above/below to the certificate you already created in step 4. Should look something like this:

The certificate in bold letters is the one you created. If that list is empty or there are no certificates in bold letters, then you need to go back to Step 4 and create a new key pair, otherwise it will not work.

Also, I am using version 3.1.15. If above doesn’t work, try uninstalling your current version and installing 3.1.15 from https://www.gpg4win.org/

Maybe there is a bug in the newest release.

The one I created is there on the main screen, but that’s the only item. I will try the older version.

If all fails you can just use checksum to confirm your download. While PGP check is better, it is only optional and checksum can verify that download is not altered before installing it.

1 Like

Hello all, I have the exact same problem as mycoldbeer, checked all, installed older versions and signing.authority@iohk.io never gives an answer, any other we can try just to see if the software is connecting to the internet?

One thing i do haver is the DNS turned to cloudfare 9.9.9.9 i assume this has nothing to be with it, but other than that I tried it all, even allowing dimdnr.exe manually on firewall

Ok,

Lets do checksum instead. I will show you how to do it manually since you both already have PGP downloaded. This is super easy method to visually verify that you download is valid. Also, you can use this method with any other website that provides checksum info.

  1. Download Daedalus package.
  2. Go to the folder that package downloaded. (For me it’s downloads folder)
    downloadDaedalus
  3. Right click on the downloaded file
  4. From the popup menu choose “More GpgEX options”
    1stMenue
  5. Another menu will expand on the side. From that menu choose “Create checksum”
    2ndMenuCS
  6. You will see Kleopatra window pop up and in a few seconds it will say that the checksum files were created and it will show the path to the file. Text file name is ‘Sha256Sum’ . Usually it will be right next to your downloaded file. It will look like this:
    CreatedSha
  7. Open the file (you can just use Note Pad to open it). Inside you will see checksum created by Klopatra and the path to the file.

NotePadSha
8. Now go to Daedalus page where you downloaded the file from and click that clipboard icon to copy checksum provided by website.
DaedalusSha
9. Go back to Sha256Sum text document that is open in your Notepad and paste checksum you got from the Daedalus website directly below checksum provided by Kleopatra.
PasteSha
10. Now you can visually check if both numbers are the same. If they are the same then file wasn’t modified or corrupted and downloaded file is safe to use. Open file and install.
If numbers differ, then erase the file, check if you are on real Daedalus page. Or try to reach the page trough official websites (such as links in Cardano.org).

There are many other ways to check using CMD, certutil, other apps… however this is the only way that will be easy for techies or non-techies and is not dependent on anything else other than the tools you already have.

Also, you can use this technique on any download as long as the source provides checksum. So, if you ever wondered if that google app store app was legit, here is a way to check.

Hope this helps :smiley:

1 Like

@mycoldbeer and @Lemur_ADA
Where you able to verify your download trough checksum?

Thank you for this information - the numbers are NOT the same.

I guess I delete the file now and try again.

Edit: Hoping it’s just that something changed since I downloaded it (same version number though). I deleted the old one, which had never been installed, and downloaded a new copy. Using the instructions, I verified the checksum was the same for the new one I just downloaded.

Thanks for your help.

I am having this exact same problem and have posted here

Seems to be an unresolved problem online at the moment.

I have a large amount of ADA i want to stake at 5% so i need to move from coinbase to daedalus.

Would a checksum only be okay? or is it too risky for large amounts?

Managed to fix, after trying all the troubleshoots, all it took was to uninstall and delete all the files then go back to https://www.gpg4win.org/ and redownloaded. No need to redownload PGP or daedalus just the one from the website link.

Hope this Helps.

Hello @Tangax

Kleopatra checks that the file is from a legit source.
Checksum checks that the file is exactly the same as publishing site claims. So as long as you are sure that you are getting checksum info from a legit website then it’s 100% fine.

Good to hear :+1:

I also manually allowed on my anti virus firewall,
dirmngr.exe
kleopatra.exe
ggr4win.exe
daedalus.exe
cadanonode.exe

Exact same issue as today. I’m installing everything on a new computer, well I’m trying but stuck on this part.

Kleopatra has a different default keyserver from Daedalus instruction and I changed it the one in the instruction, but nothing came up the search.

Also exact same issues, Same same on Windows and can’t find signing.authority@iohk.io and also updated the PGP server as Cardano suggests. same - can’t find it.

EDIT Had to reboot and then run the search a couple times and it finally found it. Then the verify was successful

Solved this issue downloading the key here and importing: