Oddbean new post about | logout
Shida_Kayn | 17 days ago (raw) | root | parent | reply | flag +1 
 Wow, I didn't know about it. Thanks
SaberhagenTheNameless | 16 days ago (raw) | root | parent | reply | flag +2 
 https://haveno-reto.com/
Shida_Kayn | 16 days ago (raw) | root | parent | reply | flag +1 
 Bro, I just spend something like 2 hours to learn about gpg/sign/encrypt stuff and tried it on Haveno. But even after all this time, I don't know if the files I download is original or not.

1st, from your link, I get the public keys "reto_public.asc" which I don't find in the original github webpage https://github.com/retoaccess1/haveno-reto

2nd, from their github, I found instead the public key "woodser.asc" https://github.com/retoaccess1/haveno-reto/blob/master/gpg_keys/woodser.asc

And last, After I download "HavenoInstaller-windows-latest.zip.sig" & "HavenoInstaller-windows-latest.zip" and try to verify the signature, Only your public key ""reto_public.asc" works, the github public key "woodser.asc" doesn't.
SaberhagenTheNameless | 16 days ago (raw) | root | parent | reply | flag +2 
 So, it looks like you already did it correctly. The "reto_public.asc" is what you should be verifying because the "Reto network" is that teams unique instance of Haveno. Woodser helps them out sometimes but isn't directly involved afaik. I think his keys were just carried over from Haveno when Reto forked it.

You can double check with Reto on their SimpleX group chat (link is on the reto website in downloads section), or ask Woodser/Haveno peeps on Matrix: 
https://github.com/haveno-dex/haveno?tab=readme-ov-file#keep-in-touch-and-help-out