Verifying Trezor Suite App

Cheers guys,

I want to move from Win to Mac and trying to be as careful as possible. I followed your guideline as to how to verify the download and got the following result on my Terminal:

quixil@MD-MBP downloads % gpg --import satoshilabs-2021-signing-key.asc
gpg: key E21B6950A2ECB65C: 1 signature not checked due to a missing key
gpg: key E21B6950A2ECB65C: “SatoshiLabs 2021 Signing Key” not changed
gpg: Total number processed: 1
gpg: unchanged: 1
quixil@MD-MBP downloads % gpg --verify Trezor-Suite-24.1.2-mac-x64.dmg.asc
gpg: assuming signed data in ‘Trezor-Suite-24.1.2-mac-x64.dmg’
gpg: Signature made pet 12 jan 12:02:25 2024 CET
gpg: using RSA key EB483B26B078A4AA1B6F425EE21B6950A2ECB65C
gpg: Good signature from “SatoshiLabs 2021 Signing Key” [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EB48 3B26 B078 A4AA 1B6F 425E E21B 6950 A2EC B65C

I am not very computer savvy and of course afraid of the Warning message…what does it mean and am I safe to install the Suite? Thanks a lot!

Hi there!

Certainly! The Trezor Suite installation is secure as the signature is valid. The GPG warning is just a reminder that the key doesn’t have a trusted value in the local trust database, which means you haven’t explicitly marked it as trusted. If you’ve verified the signature and it came from a trusted source, you can proceed with the installation without worries.

Thanks Lucien for the quick response!