Author

Topic: Electrum verification (Read 221 times)

copper member
Activity: 21
Merit: 3
April 23, 2019, 12:16:10 PM
#6
6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6
Or
2BD5 824B 7F94 70E6
Or
7F94 70E6

That indicates that you have imported the correct public key belonging to ThomasV

The last option is not secure.  32 bit key ids can easily be faked and have been many times.
Use the full SHA1 fingerprint to verify.
HCP
legendary
Activity: 2086
Merit: 4363
April 22, 2019, 05:05:26 PM
#5
Also, as someone pointed out in another thread... The key fingerprint needs to be ThomasV's... And should show as:

6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6
Or
2BD5 824B 7F94 70E6
Or
7F94 70E6

That indicates that you have imported the correct public key belonging to ThomasV
copper member
Activity: 21
Merit: 3
April 22, 2019, 02:49:26 PM
#4
Yep, everything is correct with this.
Disregard the "warning" -- gpg has a terrible UI.
HCP
legendary
Activity: 2086
Merit: 4363
April 09, 2019, 04:48:49 PM
#3
Further to this... the important part is this:
Quote
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>" [unknown]
That means that the signature is OK


If the signature wasn't valid (ie. fake file)... you'd see something like this:
Quote
gpg: Signature made Wed 13 Feb 2019 22:08:29 GMT
gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: BAD signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>" [unknown]
legendary
Activity: 2758
Merit: 6830
April 09, 2019, 09:42:05 AM
#2
Everything is right.

It says "This key is not certified with a trusted signature!" because you haven't manually trusted ThomasV's key. But if you imported it right, it matches with the signature of the file you downloaded.
newbie
Activity: 2
Merit: 0
April 09, 2019, 08:58:23 AM
#1
I am trying to verify Electrum for Linux downloaded from the Electrum website and got the following:

sudo gpg --verify Electrum-3.3.4.tar.gz.asc
gpg: WARNING: unsafe ownership on homedir '/home/me/.gnupg'
gpg: assuming signed data in 'Electrum-3.3.4.tar.gz'
gpg: Signature made Wed 13 Feb 2019 22:08:29 GMT
gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>" [unknown]
gpg:                 aka "ThomasV <[email protected]>" [unknown]
gpg:                 aka "Thomas Voegtlin <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6

What do I do?
Jump to: