Downloading Trezor Suite

Hello, I have two problems:

  1. I read this on the trezor.io website: You should only trust downloads from our official website or GitHub page:
     * Official website: https://trezor.io/trezor-suite
     * GitHub: https://github.com/trezor/trezor-suite/releases

     But the Trezor Suite installer is downloaded from: https://objects.githubusercontent.com/ I should be absolutely sure I am downloading from the correct site, and this does not look OK.
  2. Also, I cannot verify the download: “the signature of this message is valid but untrusted”

Thanks for your help.

Hi @Bitcoiner65,

If you only need the latest publicly released version, download the desktop version from https://trezor.io/trezor-suite or use the web version at https://suite.trezor.io/web/.

That’s a GPG thing. What it’s saying is:

  1. You gave me a public key…
  2. That public key does match the download.
  3. So whoever owns that public key actually did sign the package.
  4. However, I don’t know where you found the public key in the first place.
  5. By default, I don’t trust it unless you explicitly tell me to.

See this: https://twitter.com/Trezor/status/1559547643260452865
Check that the key fingerprint matches. If yes, that’s your confirmation that this is OK.
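
The check described in the reply above, as an added example that is not part of the original posts or Trezor's own tooling: it reads the machine-readable output of `gpg --status-fd 1 --verify <file>.asc <file>` and accepts only a good signature whose key fingerprint equals one obtained from a separate channel. The fingerprint, signer name and status lines below are constructed placeholders.

```python
import re

# Constructed placeholder. Use the fingerprint the vendor publishes out of band.
EXPECTED_FPR = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"

def normalize(fpr):
    """Strip spacing and case so published and reported forms compare equal."""
    return re.sub(r"\s+", "", fpr).upper()

def assess(status_text, expected_fpr):
    """Return (accepted, reason) from `gpg --status-fd` output."""
    good = failed = False
    primary_fpr = trust = None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword == "GOODSIG":
            good = True
        elif keyword in ("BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG"):
            failed = True
        elif keyword == "VALIDSIG" and args:
            # Last field is the primary key fingerprint, first is the signing (sub)key.
            primary_fpr = args[-1] if len(args) >= 10 else args[0]
        elif keyword.startswith("TRUST_"):
            trust = keyword  # informational only: local trust setting, not authenticity
    if failed or not good or primary_fpr is None:
        return False, "signature did not verify"
    if normalize(primary_fpr) != normalize(expected_fpr):
        return False, "good signature, but from a different key than expected"
    return True, f"good signature from expected key (gpg trust: {trust})"

def sample(fpr):
    """Build constructed status output for a good signature made by key `fpr`."""
    return (f"[GNUPG:] GOODSIG {fpr[-16:]} Example Signer\n"
            f"[GNUPG:] VALIDSIG {fpr} 2023-04-19 1681900000 0 4 0 1 10 00 {fpr}\n"
            "[GNUPG:] TRUST_UNDEFINED 0 pgp\n")

# Constructed cases, not captured from a real gpg run.
VALID_UNTRUSTED = sample(normalize(EXPECTED_FPR))   # the "valid but untrusted" case
WRONG_KEY = sample("F" * 40)                        # valid signature, unexpected key
TAMPERED = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer\n"

if __name__ == "__main__":
    for name, text in [("valid but untrusted", VALID_UNTRUSTED),
                       ("wrong key", WRONG_KEY), ("tampered", TAMPERED)]:
        print(name, "->", assess(text, EXPECTED_FPR))
```
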

I have the same problem as @Bitcoiner65 mentioned in the 2nd point.
The “Trezor-Suite-23.4.2-win-x64.exe.asc” file shows that the Trezor-Suite-23.4.2-win-x64.exe was not manipulated, but the signature (public key) from the creator (Trezor) is missing.
Could you (Trezor support) upload the public key on the https://trezor.io/trezor-suite page, to check that the “satoshilabs-2021-signing-key.asc” was created by Trezor?