Confused about Download Verification Procedure

The first Bisq video shows that two .asc files (signature .asc file and Bisq exe.asc file) are downloaded along with two application files (gpg4win .exe file and Bisq .exe file), and that I should use the Bisq .asc file for verification in Kleopatra (not the application file).

When I do the download I get two OpenPGP text files (signature file and Bisq .exe file) along with two application files (gpg4win file and Bisq file), so I used the Bisq OpenPGP file for verification in Kleopatra (not the application file).

Kleopatra tells me it cannot verify.

Has something changed here to make it seem so different from the video?

I’m not very familiar with Kleopatra, have you done it before?
Please copy the exact message, it is usually confusing: when everything is correct, it says something like keys can’t be trusted as they’ve not been signed by other trusted keys, and it looks ugly, but it just means that it has been verified.

Thanks for your interest MnM. I’m new to all this stuff so don’t know what error messages I can safely ignore. Log is as follows:

gpg: Signature made 22/12/2022 08:39:19 GMT Standard Time
gpg: using RSA key CB36D7D2EBB2E35D9B75500BCD5DC1C529CDFD3B
gpg: issuer “christoph.atteneder@gmail.com
gpg: Good signature from “Christoph Atteneder christoph.atteneder@gmail.com” [unknown]
gpg: WARNING: The key’s User ID is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B

That means “it’s ok, you’re good to go”. :sweat_smile:

Thanks MnM… I’ll take the handbrake off now then :slightly_smiling_face: