Hello, Great Thanks NeuroticFish...
I've seen the link before but I was saving the file wrongly....
So, gpg didn't find a gpg key in the file...
I copied, past the key text in a file with nano and it worked.
Thank you.
Hello Adaseb.
I just tested the sha256sum of the app file and it's OK.
Thank You both ;-)
Topic: Electrum - verifying at least two signatures - I got 1 public key but not others (Read 98 times)
October 15, 2021, 01:01:51 PM
October 15, 2021, 12:16:17 PM
On the download page you can find:
The link from there goes to: https://github.com/spesmilo/electrum/tree/master/pubkeys
And you'll find all the public keys there, including Emzy.
Interestingly on https://download.electrum.org/4.1.5/ I cannot see Emzy's asc, only ThomasV and sombernight_releasekey
Quote from: https://electrum.org/#download
Our executables are reproducible, and are signed independently by several builders.
The link from there goes to: https://github.com/spesmilo/electrum/tree/master/pubkeys
And you'll find all the public keys there, including Emzy.
Interestingly on https://download.electrum.org/4.1.5/ I cannot see Emzy's asc, only ThomasV and sombernight_releasekey
I just went thru this a few days ago, I couldn't find his key from that directory but if you go to
Quote
Which is basically linked to on
Quote
Under Emzy signature for Linux Appimage you should be able to download it. I think he forgot to add it to download.electrum.org but its listed under the github downloads.
I was paranoid too and I verified all 3 signatures and I took ThomasV signature even from 3 different sources to make sure its legit. If you want another method of verifying the file. The sha256sum for electrum-4.1.5-x86_64.AppImage is
Quote
sha256sum electrum-4.1.5-x86_64.AppImage
Quote
21d5017ddf87d75be76a3c736fb547cb5e33399938abd69d82ff66a80de8c13f electrum-4.1.5-x86_64.AppImage
October 15, 2021, 09:13:28 AM
On the download page you can find:
The link from there goes to: https://github.com/spesmilo/electrum/tree/master/pubkeys
And you'll find all the public keys there, including Emzy.
Interestingly on https://download.electrum.org/4.1.5/ I cannot see Emzy's asc, only ThomasV and sombernight_releasekey
Quote from: https://electrum.org/#download
Our executables are reproducible, and are signed independently by several builders.
The link from there goes to: https://github.com/spesmilo/electrum/tree/master/pubkeys
And you'll find all the public keys there, including Emzy.
Interestingly on https://download.electrum.org/4.1.5/ I cannot see Emzy's asc, only ThomasV and sombernight_releasekey
October 15, 2021, 09:02:10 AM
Hello Everyone,
I just downloaded Electrum-4.1.5...
I want to verify, with gpg, two signatures (for example ThomasV and Emzy).
I found the public key of ThomasV, that I imported with gpg (gpg --import ...)
I verified the ....ThomasV.asc
And It's OK...
gpg --verify electrum-4.1.5-x86_64.AppImage.ThomasV.asc electrum-4.1.5-x86_64.AppImage
The answer is (in french, sorry):
gpg: Signature faite le lun 19 jui 2021 20:22:33 CEST avec la clef RSA d'identifiant 7F9470E6
gpg: Bonne signature de « Thomas Voegtlin (https://electrum.org) <[email protected]> »
gpg: alias « ThomasV <[email protected]> »
gpg: alias « Thomas Voegtlin <[email protected]> »
gpg: Attention : cette clef n'est pas certifiée avec une signature de confiance.
gpg: Rien n'indique que la signature appartient à son propriétaire.
Empreinte de clef principale : 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
Now, I want to verify the ....Emzy.asc...
BUT I d'ont find the public key...
The answer for gpg --verify electrum-4.1.5-x86_64.AppImage.Emzy.asc electrum-4.1.5-x86_64.AppImage
is (yes, it's in french):
gpg: Signature faite le jeu 22 jui 2021 14:49:22 CEST avec la clef RSA d'identifiant 07DA627C
gpg: Impossible de vérifier la signature : clef publique introuvable
Is that ok ? Or must I find the public key for the electrum-4.1.5-x86_64.AppImage.Emzy.asc ?
What must I do ?
Thank You All in advance.
I just downloaded Electrum-4.1.5...
I want to verify, with gpg, two signatures (for example ThomasV and Emzy).
I found the public key of ThomasV, that I imported with gpg (gpg --import ...)
I verified the ....ThomasV.asc
And It's OK...
gpg --verify electrum-4.1.5-x86_64.AppImage.ThomasV.asc electrum-4.1.5-x86_64.AppImage
The answer is (in french, sorry):
gpg: Signature faite le lun 19 jui 2021 20:22:33 CEST avec la clef RSA d'identifiant 7F9470E6
gpg: Bonne signature de « Thomas Voegtlin (https://electrum.org) <[email protected]> »
gpg: alias « ThomasV <[email protected]> »
gpg: alias « Thomas Voegtlin <[email protected]> »
gpg: Attention : cette clef n'est pas certifiée avec une signature de confiance.
gpg: Rien n'indique que la signature appartient à son propriétaire.
Empreinte de clef principale : 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
Now, I want to verify the ....Emzy.asc...
BUT I d'ont find the public key...
The answer for gpg --verify electrum-4.1.5-x86_64.AppImage.Emzy.asc electrum-4.1.5-x86_64.AppImage
is (yes, it's in french):
gpg: Signature faite le jeu 22 jui 2021 14:49:22 CEST avec la clef RSA d'identifiant 07DA627C
gpg: Impossible de vérifier la signature : clef publique introuvable
Is that ok ? Or must I find the public key for the electrum-4.1.5-x86_64.AppImage.Emzy.asc ?
What must I do ?
Thank You All in advance.
Jump to: