I wonder if the OP is having trouble because of the new policy of providing signatures from multiple developers. Just to reiterate the issue; the signature files' names differ from the binary file's name, which prevents GIU GPG applications (with default settings) from reading the binary file when one double-clicks on a signature file. GUI applications expect the signature file's name to be the same as the binary file's name, with the addition of
.asc extension.
For example;
Binary file name:
electrum-4.1.5.dmgSignature file name:
electrum-4.1.5.dmg.ascCurrently if you download the binary and the signature files you'll have the following file names:
The binary file name:
electrum-4.1.5.dmgThomasV's signature file name:
electrum-4.1.5.dmg.ThomasV.ascSomberNight's signature file name:
electrum-4.1.5.dmg.sombernight_releasekey.ascEmzy's signature file name:
electrum-4.1.5.dmg.Emzy.ascI recently learned a trick that makes it a lot easier to verify all the signatures at once. All you have to do is save all the signatures in one text file, and save it with the typical naming standard, i.e. as in the example above;
electrum-4.1.5.dmg.asc.
For example:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZpTY3nvo7lYxvtlQK9WCS3+UcOYFAmD1wuMACgkQK9WCS3+U
cOZ8lg/8C4E2VrrneIJ0PvCaPvB7wj0hBg2Spfqsgr43vyeQm52KQSiQ/0TcQUls
7j7pu5rklVii+NRXEnHh9T9A4m9n2SEgw53n+wQrEuK8VQWerzfei8jQ5QR6XkEd
EGbsE5YT4FVvvHdyuo2gc92YSG81GwDXHlvGF91ipSLe4Jmg7vQ+w/ccPebvnA2Z
ccqff3iTw8TWJ8PVD+Lq7LHZPuZSZxGftihxZIfMoSWt1xH7oslIM7ygi2MVfDpi
BtfQF4diYyHBjMEE/g8BTnUfldTuP+ODmsNhw49W/QRTuiDWkb5j5HpLXhJ/+inA
vwwwbKaEqXM4L62/VSvIvC18gWXAR/CLV56ibw0nQgKvdWgsf+UAiVlvSk82QHoJ
RWvJG4IwI7jbEkA+LJ4yGCIZ7hTZ018Gp0i3uNjfY2+oe5GecgbyPTbdPTEU/a/v
UwM/gNX9BycbVMDYNeqWor10gTUrreKFLyYu8V3IsMxjMqPfWSgjGzln6it4UY8i
SSN/XTh/Ol4U+6TVgqDsbRwWOCyomLgltjWiv+osYKfF4xt99GWiPaN4H3NG+7et
BotndWrCibJqEFkGlml9ilJUYlBsbQuGHF0vhiJcYRZTumYJU0ABwbQQ/HboM2jT
7CDdNAheFpE+xz2F3JSeXrWBHnnYP3k/bVMJwSmSgrvxVRzPpfM=
=K00C
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEDu3P1cr7RZBnNJsjyp7uxD35EdwFAmD10G8ACgkQyp7uxD35
EdyZEA/9HI4bbfTDsRSRA4Q6PIq1SLuwtf/5eYkCAb9R13X0bcJa50Q8+je2v7JF
ZlAMJT9ueTKOpC043CLXmd8m+pD3qnIOHZXLbyIHmN6WEIHUbtp9ixLOlhMB6GXe
FfD8iVEDNIzyOr1TaiXnSTPatVdHJ3+pG2BPO3rbnwaeLod8FNrhrnUEfYs3ESI2
L36B5gnT5ua8Mj3SVAWGkNbioHt16w9txSjjmYGc0FQYMUsfCz5PmQyco+PUtHrL
1WuKuTQ5Vl765nZD68hPTeKyIE0OqI0htnqIyJ8ImEOFesXicqgQOQ16uhLCmwP4
Vdd/Fiz+dT+16FXnQCQsz13LDIM6U6ijJ79sqMeTdMn5ADX57Iur1B4GDXhTlCW/
halXPQQRWlOZF/SkzSd2R7M8A/JLn+1Orgqy/Fv5BAkeGnuMlkGY7LA6lUkETRYe
5klhtauC5CihKdP7leOKkM8QR5RIfbVJqUTGZaOstP8xGJTKXIkmpeUn++PvJVB0
+0X/G3gaf9J/jWMsLk/MjKIkjszOVz/KWOtfi+Mr4Zjuq9Ju+xQAK7XAtUxt5a5l
HMrX1kDCpsHIe9jg2WOUp6kh7AJAOStwYBAYQLAUz/y6pDjZgeg6bNSlMQM/bpMU
ZMWv+pMqE7YuapJJnu58ubhjj3qTfJU/pXLIUG5B3P/XT1vPOQo=
=gGIz
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEY32x4jNw+Er/iMzgMVI0fQfaYnwFAmD5aVUACgkQMVI0fQfa
YnxJZw//T3F6UwwhZsePQw822ACDUyeEuq5IcKF7m+9/4HlaG8TmUPDS5CXK0Jbl
SX5uyhdevYneCxf+uHQUwKTvaaOU6f07U+IgtyzXjbqZQ2YUNb/eRZLKq3auG9bO
cBG1dfoamNzrsvvLCQvFEYeieRik2Kg3mCGMCZuaaqtQT8zQv1aGRE63T0Dq5I9v
NWOvbFMsmF2XDSiOMesIP6yxgYlKJG+KJ/Mbj6h2ZJ3v9bE68XrjnrWmz75btQ67
qlHvcP7+RU8eQb1+Brk3yYdm9vGKyhrPBFJb8wmqcRfE5f+tAR2Fvdt+78pzygnu
Gj7ZW3tH6egpeweVcIWGMa1YumrecbW9RjgjPyGd6jrJGXtSrcO8URO8GQkMWYel
cu5sJEr6izVGJiouIN+Xszjc2NR2ar2ZfYiWknlN4KI7LdhlhDNGwGwREUeGNQvO
RRZRydLC+42KEIyPLBs9ZI7QP1zt5vvmhwTep9vH2sPCI7ehlkPTLzrEK9Yy/lbz
f7bkwhxB01wtJvJycdnmIz8OMMN0iK9AwZXOMsvFY320kLPgB8iO30AvrXvhO5L4
bFrr/M9G+pNJBd3pyx4G/dTkNUHj90yeKhyiIH37TPO1ERF7GihEyikyv44FXKAz
ZTOEKqEPrkO75dpfaIO2fKHkAQouBReVP1q7JLsKfc51lGdmOy8=
=3nnA
-----END PGP SIGNATURE-----
Now you can double-click the
.asc file and your GPG app will verify all the signatures in the file:
Or, you can use the CLI to verify all signatures: