Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Author

Topic: Electrum verification (Read 215 times)

bassmaster
copper member
Activity: 21
Merit: 3
Electrum verification
April 23, 2019, 12:16:10 PM
#6
Quote from: HCP on April 22, 2019, 05:05:26 PM
6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6
Or
2BD5 824B 7F94 70E6
Or
7F94 70E6

That indicates that you have imported the correct public key belonging to ThomasV

The last option is not secure.  32 bit key ids can easily be faked and have been many times.
Use the full SHA1 fingerprint to verify.
HCP
legendary
Activity: 2086
Merit: 4361
Re: Electrum verification
April 22, 2019, 05:05:26 PM
#5
Also, as someone pointed out in another thread... The key fingerprint needs to be ThomasV's... And should show as:

6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6
Or
2BD5 824B 7F94 70E6
Or
7F94 70E6

That indicates that you have imported the correct public key belonging to ThomasV
bassmaster
copper member
Activity: 21
Merit: 3
Re: Electrum verification
April 22, 2019, 02:49:26 PM
#4
Yep, everything is correct with this.
Disregard the "warning" -- gpg has a terrible UI.
HCP
legendary
Activity: 2086
Merit: 4361
Re: Electrum verification
April 09, 2019, 04:48:49 PM
#3
Further to this... the important part is this:
Quote
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>" [unknown]
That means that the signature is OK


If the signature wasn't valid (ie. fake file)... you'd see something like this:
Quote
gpg: Signature made Wed 13 Feb 2019 22:08:29 GMT
gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: BAD signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>" [unknown]
TryNinja
legendary
Activity: 2758
Merit: 6830
Re: Electrum verification
April 09, 2019, 09:42:05 AM
#2
Everything is right.

It says "This key is not certified with a trusted signature!" because you haven't manually trusted ThomasV's key. But if you imported it right, it matches with the signature of the file you downloaded.
godfreybiz
newbie
Activity: 2
Merit: 0
Re: Electrum verification
April 09, 2019, 08:58:23 AM
#1
I am trying to verify Electrum for Linux downloaded from the Electrum website and got the following:

sudo gpg --verify Electrum-3.3.4.tar.gz.asc
gpg: WARNING: unsafe ownership on homedir '/home/me/.gnupg'
gpg: assuming signed data in 'Electrum-3.3.4.tar.gz'
gpg: Signature made Wed 13 Feb 2019 22:08:29 GMT
gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>" [unknown]
gpg:                 aka "ThomasV <[email protected]>" [unknown]
gpg:                 aka "Thomas Voegtlin <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6

What do I do?
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Jump to: