pretty upset
after buying quite a few devices from satoshilabs, I cannot use them.
Reason:
the trezor suite and bridge do not check their signatures, KEY NOT VALID message.
using gpg, kleopatra, GNU privacy assistant
IMPORTED signing key downloaded from trezor suite webpage (under file name https://suite.trezor.io/)
DOWNLOADED signature key from same location
DOWNLOADED the software from the same link
Imported signing key in GNU privacy assistant
named signature key as the file with .asc in extension (Trezor-Suite-22.5.2-win-x64.exe and Trezor-Suite-22.5.2-win-x64.exe.asc in the same folder)
Opened Trezor-Suite-22.5.2-win-x64.exe in GNU privacy assistant
CLICKED VERIFY ICON
KEY ID A2ECB65C
Username SatoshiLabs 2021
Description UNCERTAIN SIGNATURE by SatoshiLabs 2021 Signing Key
!!!
KEY NOT VALID
Wasted 3 hours to debug this.
Not to mention trezor bridge. Is this software needed or trezor suite suffices?
If it is, why in the world you hide the signing key?
WTF