dream /verifySafeHeaven

as you probably know if you add /verifySafeHeaven to the url you get a pgp signed message. recently a user made a market complain accusation post claiming a dream mis-configuration and posted a link to it. I checked the signature under /verifySafeHeaven but it did not check out with the original key from here https://www.reddit.com/r/DNMSuperlist/wiki/not-listed#wiki_dream_market

now that link is listed on ddw [since they change it dynamically] yet the signature still does not check out. did anybody manage to ever verify the signed mirrors of any dream url with the linked key? maybe it is not just this url but also all others with the wrongly signed message.


Comments


[2 Points] Xxavieer:

In case I read your OP right, it's as simple as that: You won't be able to verify, because you are using the the wrong key. The key you linked is from support obviously, the Dream Market key is

pub   rsa2048 2016-11-06 [SCE] [expires: 2018-11-06]
1573ACC4AF13DD722A974A94F687B4FEBFF8F8B4
uid   Dream Market (Enterprise of e-commerce)  <speedsteppers@startupgrind.se> 

I saved this key a while ago, u/hellfinger obviously has the same key and I was able to verify every mirror link from deepdotweb, I even succesfully ordered twice - last time from the ecleg link.

To get the dream public key: dream-mirror-link-goes-here/about -it's also described in the pgp signed verifySafeHeaven message, btw. However, this assumes, obviously. that you already have a working dream mirror you trust.


[1 Points] hellfinger:

you're taking about this key ? 2048R/BFF8F8B4 2016-11-06 [expire : 2018-11-06]

ecleg, xsue, eajw, t5kq : ok.


[1 Points] basjin:

usually all verified messages coming from there did verify successfull for me.

there are some phishing pages adding custom strings to verified messages which doesnt work when you try to verify with the official pgp


[-6 Points] None:

Aren't these newish dream mirrors just phishing links? And dream is dead right?