Author

Topic: Electrum - verifying at least two signatures - I got 1 public key but not others (Read 119 times)

newbie
Activity: 12
Merit: 8
Hello, Great Thanks NeuroticFish...

I've seen the link before but I was saving the file wrongly....
So, gpg didn't find a gpg key in the file...

I copied, past the key text in a file with nano and it worked.

Thank you.




Hello Adaseb.

I just tested the sha256sum of the app file and it's OK.

Thank You both ;-)
legendary
Activity: 3808
Merit: 1723
On the download page you can find:

Our executables are reproducible, and are signed independently by several builders.

The link from there goes to: https://github.com/spesmilo/electrum/tree/master/pubkeys
And you'll find all the public keys there, including Emzy.


Interestingly on https://download.electrum.org/4.1.5/ I cannot see Emzy's asc, only ThomasV and sombernight_releasekey

I just went thru this a few days ago, I couldn't find his key from that directory but if you go to

Quote

Which is basically linked to on

Quote

Under Emzy signature for Linux Appimage you should be able to download it. I think he forgot to add it to download.electrum.org but its listed under the github downloads.



I was paranoid too and I verified all 3 signatures and I took ThomasV signature even from 3 different sources to make sure its legit. If you want another method of verifying the file. The sha256sum for electrum-4.1.5-x86_64.AppImage is

Quote
sha256sum electrum-4.1.5-x86_64.AppImage

Quote
21d5017ddf87d75be76a3c736fb547cb5e33399938abd69d82ff66a80de8c13f  electrum-4.1.5-x86_64.AppImage
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
On the download page you can find:

Our executables are reproducible, and are signed independently by several builders.

The link from there goes to: https://github.com/spesmilo/electrum/tree/master/pubkeys
And you'll find all the public keys there, including Emzy.


Interestingly on https://download.electrum.org/4.1.5/ I cannot see Emzy's asc, only ThomasV and sombernight_releasekey
newbie
Activity: 12
Merit: 8
Hello Everyone,

I just downloaded Electrum-4.1.5...

I want to verify, with gpg, two signatures (for example ThomasV and Emzy).

I found the public key of ThomasV, that I imported with gpg (gpg --import ...)
I verified the ....ThomasV.asc
And It's OK...
gpg --verify electrum-4.1.5-x86_64.AppImage.ThomasV.asc electrum-4.1.5-x86_64.AppImage

The answer is (in french, sorry):
gpg: Signature faite le lun 19 jui 2021 20:22:33 CEST avec la clef RSA d'identifiant 7F9470E6
gpg: Bonne signature de « Thomas Voegtlin (https://electrum.org) <[email protected]> »
gpg:                 alias « ThomasV <[email protected]> »
gpg:                 alias « Thomas Voegtlin <[email protected]> »
gpg: Attention : cette clef n'est pas certifiée avec une signature de confiance.
gpg:          Rien n'indique que la signature appartient à son propriétaire.
Empreinte de clef principale : 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6


Now, I want to verify the ....Emzy.asc...
BUT I d'ont find the public key...

The answer for gpg --verify electrum-4.1.5-x86_64.AppImage.Emzy.asc electrum-4.1.5-x86_64.AppImage
is (yes, it's in french):

gpg: Signature faite le jeu 22 jui 2021 14:49:22 CEST avec la clef RSA d'identifiant 07DA627C
gpg: Impossible de vérifier la signature : clef publique introuvable


Is that ok ?  Or must I find the public key for the electrum-4.1.5-x86_64.AppImage.Emzy.asc ?

What must I do ?

Thank You All in advance.
Jump to: