Upon install Bisq on my Mac running Catalina I get a notification that Bisq wants to ‘receive keystrokes from any application’. I hit deny. But now I am concerned about using this software. I verified the download and received this result. Am I ok? Why would Bisq want to receive keystrokes from any application??
T3000:Downloads nick$ gpg --digest-algo SHA256 --verify Bisq-1.2.9.dmg{.asc*,}
gpg: Signature made Mon Mar 16 09:20:46 2020 MDT
gpg: using RSA key CB36D7D2EBB2E35D9B75500BCD5DC1C529CDFD3B
gpg: issuer "christoph.atteneder@gmail.com"
gpg: key CD5DC1C529CDFD3B: public key "Christoph Atteneder <christoph.atteneder@gmail.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: Good signature from "Christoph Atteneder <christoph.atteneder@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B
There is a warning that this key is not certificed with a trusted signature.
Thanks for the quick reply. Has the install been compromised? Should I reinstall my OS? Not sophisticated to do anything less. Worried that something is logging my keystrokes in the background.
If you got the files from the website or the github and properly verified them, then nothing should be wrong. The two issues I mentioned above don’t seem to be related. But assuming this is your first time using Bisq it may be worth it to wait for the hotfix that will be released.
Ok thanks. I downloaded Bisq from https://bisq.network/ and verified the download with the results below. Is my computer secure? Why does Bisq want ‘keystrokes from any application’?
T3000:Downloads nick$ gpg --digest-algo SHA256 --verify Bisq-1.2.9.dmg{.asc*,}
gpg: Signature made Mon Mar 16 09:20:46 2020 MDT
gpg: using RSA key CB36D7D2EBB2E35D9B75500BCD5DC1C529CDFD3B
gpg: issuer "christoph.atteneder@gmail.com"
gpg: key CD5DC1C529CDFD3B: public key "Christoph Atteneder <christoph.atteneder@gmail.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: Good signature from "Christoph Atteneder <christoph.atteneder@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B
From my understanding, it isn’t a Bisq issue but the OS you’re using. That Github issue I linked above is the best source for information I can give you.