~
Once you have everything set up, to verify future updates you only need to double click the .asc file. It's that easy.
And to Pmalek's point, please don't spam this thread with questions that I've already answered in the OP.
Topic: [GUIDE] How to Safely Download and Verify Electrum [Guide] (Read 20538 times)
Once you have everything set up, to verify future updates you only need to double click the .asc file. It's that easy.
And to Pmalek's point, please don't spam this thread with questions that I've already answered in the OP.
Your question has been answered. VERIFY THE SIGNATURES before installing an update EVERY TIME, no matter how many times you did it in the past. It doesn't matter how other people do it. Try and do the right thing on your end.
I am not aware of anyone uploading a fake version of Electrum, which then ended up being installed by the users. Would you like to be the first one to suffer from something like that (if it happened) because you were too lazy to follow simple verification instructions? It's possible that someone gains access to the site and uploads fake versions of Electrum. But if you saved the developer's public keys to Kleopatra in the past, you would notice that during the SIGNATURE VERIFICATION, which would be unsuccessful. That's why you are doing it.
A while back I downloaded electrum again on my older laptop and installed that GPG that you are talking about. I no longer use that computer though. So you are saying download electrum again from the official website on the new computer, then download GPG and do the same exact thing.
Then everytime there is a new electrum update, how do you check the new electrum update is real that takes less than a minute?
However, if you manually enter the electrum website on the address bar, then isn't it pretty much 100% the electrum you download is legit though? Has there been even one case of electrum downloaded from the official site being fake? And by that... I mean you manually type in the electrum website address on the address bar and click enter as oppose to going to google and clicking on electrum site which might not be electrum. Also how often does electrum have an update these days? Do most people typically wait a while after an update before you download the new electrum?
Then everytime there is a new electrum update, how do you check the new electrum update is real that takes less than a minute?
However, if you manually enter the electrum website on the address bar, then isn't it pretty much 100% the electrum you download is legit though? Has there been even one case of electrum downloaded from the official site being fake? And by that... I mean you manually type in the electrum website address on the address bar and click enter as oppose to going to google and clicking on electrum site which might not be electrum. Also how often does electrum have an update these days? Do most people typically wait a while after an update before you download the new electrum?
do you need to verify it though even if you have the verified electrum on your laptop downloaded from a while back?
I verify every time I download an update, regardless of how confident I am about the website or source of the download. Once you have GPG installed and the developers' keys imported into your keyring, verification becomes very easy and takes less than a minute.
When you download and verify electrum on your laptop, what happens when there is a new electrum update? I currently do not have electrum installed on my windows laptop. I haven't used electrum in a while and don't remember exactly what happens but you could still use electrum with the older version right? Anyone know how old version of electrum you can still use before you have to download the newest version? Also, once you downloaded and verify electrum on your laptop that one time... any new electrum version update downloads... you download from electrum site... but do you still have to verify it or not? I forgot the answer to this.
Last time on another laptop, I downloaded electrum and verified it. Then I haven't used it for a while. Then I noticed there was many updates after that electrum so because of that, I didn't even open the old electrum. But as long as you download from official electrum site... do you need to verify it though even if you have the verified electrum on your laptop downloaded from a while back?
Last time on another laptop, I downloaded electrum and verified it. Then I haven't used it for a while. Then I noticed there was many updates after that electrum so because of that, I didn't even open the old electrum. But as long as you download from official electrum site... do you need to verify it though even if you have the verified electrum on your laptop downloaded from a while back?
Is there a reason to to trust the official app from google play?
There have been numerous examples of scammers hosting fake wallet apps on the Play Store. You should never search for a wallet by going to the Play/App Store and using the search field there. Always go to the official wallet website, click on the genuine download links, and install the app that way. Verifying the pgp seems not easy on android.
I have never tried it, but it's for your own safety that you are doing it. It's better to spend a bit more time on the verification now, then to regret not having done it if something goes wrong.Could use a computer for that but I don't want to involve a computer
It's OK to use a computer because it's easier. I have verified certain mobile apps on my computer and then sent myself the apk files or the exact download location to my phone.
Thank you _act_ . Is there a reason to to trust the official app from google play ? Verifying the pgp seems not easy on android. Could use a computer for that but I don't want to involve a computer
What is the most secure way to install electrum to android. Is it via apk or official app from google play . I am not an expert on android so I was wondering if there is any reason not to trust the google play
Through the official site and verify its signature. It is recently that fake Electrum apps are not common on Playstore but you can see a fake app on Playstore at anytime.
What is the most secure way to install electrum to android. Is it via apk or official app from google play . I am not an expert on android so I was wondering if there is any reason not to trust the google play
Congrats to whoever stickied this thread then (maybe theymos while scouring the earth for mixer topics?)
I had sent PMs to the moderators of this board to no avail, but eventually theymos took pity on me. The OP is a long post with lots of information, so I'm sure it was just a matter of taking the time to scrutinize it for safety and security's sake.
Bump (I know this conversation was already had, but why the hell isn't this stickied? Nobody's going to find this thread on page 3).
I've reported it to the mods to ask for it to be stickied, but it remains unhandled. Maybe the active mods want to leave it to ThomasV to decide, but he's not very active so it may have gone unnoticed by him.
@ghost43 has been more active as of late, I'll send him a PM ask him to pass on the message to ThomasV.
Congrats to whoever stickied this thread then (maybe theymos while scouring the earth for mixer topics?)
I've been without access to my desktop computer for awhile so I haven't udpated electrum in roughly 1 year now. I don't remember how I verified the PGP signature before. I'm sure this question has been asked before but if I'm using a hardware wallet with electrum like a ledger nano s for example do I need to worry about my crypto being stolen still or is it just a nuisance to have to deal with it?
This thread is about how to download Electrum and verify its PGP signature, it is not about connecting hardware wallet to Electrum secure or not. It would have been better if you create a new topic about anything that is not related to this thread.As for your question, using hardware wallet with Electrum is safe. But you have to be careful about Ledger devices becuase they are one of the worst hardware wallets so far.
I've been without access to my desktop computer for awhile so I haven't udpated electrum in roughly 1 year now. I don't remember how I verified the PGP signature before. I'm sure this question has been asked before but if I'm using a hardware wallet with electrum like a ledger nano s for example do I need to worry about my crypto being stolen still or is it just a nuisance to have to deal with it?
Bump (I know this conversation was already had, but why the hell isn't this stickied? Nobody's going to find this thread on page 3).
I've reported it to the mods to ask for it to be stickied, but it remains unhandled. Maybe the active mods want to leave it to ThomasV to decide, but he's not very active so it may have gone unnoticed by him.
@ghost43 has been more active as of late, I'll send him a PM ask him to pass on the message to ThomasV.
Bump (I know this conversation was already had, but why the hell isn't this stickied? Nobody's going to find this thread on page 3).
I recently made some updates to the guide to clarify Linux instructions, add a list of HockeyPuck servers, and I included a link to the KDE Kleopatra site.
I also updated the signature and listed the changes in this post: https://bitcointalksearch.org/topic/m.54223765
I also updated the signature and listed the changes in this post: https://bitcointalksearch.org/topic/m.54223765
~
Apparently the release was ready before Emzy had a chance to review and sign. I think he's been busy lately with his work as a member of the Bisq team, from what I can tell. Emzy's signatures have been added to all the releases as of this morning.
You can see the timestamp of the files here: https://download.electrum.org/4.3.0/
Just want to to verify 
-snip-
If so, then what happened to Stephan Oeste? Because the last time I updated Electrum, I have 3 valid signatures upon verifiying. Thank you!!
Yep, the signature file for v4.3.0 only contains two signatures:-snip-
If so, then what happened to Stephan Oeste? Because the last time I updated Electrum, I have 3 valid signatures upon verifiying. Thank you!!
Emzy's public key is still in Electrum's Repo: https://github.com/spesmilo/electrum/tree/master/pubkeys; His Github profile is also active: https://github.com/Emzy
It's just the signature file in the website doesn't include his signature but you can still download it from here: github.com/spesmilo/electrum-signatures/tree/master/4.3.0
Just want to to verify
Does the electrum's latest release 4.3.0 only signed by SomberNight and Thomas Voegtlin? Here's the result in terminal.
If so, then what happened to Stephan Oeste? Because the last time I updated Electrum, I have 3 valid signatures upon verifiying. Thank you!!
Does the electrum's latest release 4.3.0 only signed by SomberNight and Thomas Voegtlin? Here's the result in terminal.
Quote
gpg: Good signature from "SomberNight/ghost43 (Electrum RELEASE signing key) <[email protected]>" [full]
gpg: Signature made Friday, 05 August, 2022 11:06:27 PM PST
gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>" [full]
gpg: aka "ThomasV <[email protected]>" [full]
gpg: aka "Thomas Voegtlin <[email protected]>" [full]
gpg: Signature made Friday, 05 August, 2022 11:06:27 PM PST
gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>" [full]
gpg: aka "ThomasV <[email protected]>" [full]
gpg: aka "Thomas Voegtlin <[email protected]>" [full]
If so, then what happened to Stephan Oeste? Because the last time I updated Electrum, I have 3 valid signatures upon verifiying. Thank you!!
Jump to: