Pages:
Author

Topic: [GUIDE] How to Safely Download and Verify Electrum [Guide] (Read 55331 times)

newbie
Activity: 26
Merit: 4
~

Once you have everything set up, to verify future updates you only need to double click the .asc file.  It's that easy.

And to Pmalek's point, please don't spam this thread with questions that I've already answered in the OP.
legendary
Activity: 2730
Merit: 7065
I hope you are not planning on capturing this thread like you did in the past with everything in the Hardware Wallet sub and your 1001 questions. Huh
Your question has been answered. VERIFY THE SIGNATURES before installing an update EVERY TIME, no matter how many times you did it in the past. It doesn't matter how other people do it. Try and do the right thing on your end.

I am not aware of anyone uploading a fake version of Electrum, which then ended up being installed by the users. Would you like to be the first one to suffer from something like that (if it happened) because you were too lazy to follow simple verification instructions? It's possible that someone gains access to the site and uploads fake versions of Electrum. But if you saved the developer's public keys to Kleopatra in the past, you would notice that during the SIGNATURE VERIFICATION, which would be unsuccessful. That's why you are doing it. 
full member
Activity: 1792
Merit: 186
A while back I downloaded electrum again on my older laptop and installed that GPG that you are talking about.  I no longer use that computer though.  So you are saying download electrum again from the official website on the new computer, then download GPG and do the same exact thing.


Then everytime there is a new electrum update, how do you check the new electrum update is real that takes less than a minute?


However, if you manually enter the electrum website on the address bar, then isn't it pretty much 100% the electrum you download is legit though?  Has there been even one case of electrum downloaded from the official site being fake?  And by that... I mean you manually type in the electrum website address on the address bar and click enter as oppose to going to google and clicking on electrum site which might not be electrum.  Also how often does electrum have an update these days?  Do most people typically wait a while after an update before you download the new electrum? 
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
do you need to verify it though even if you have the verified electrum on your laptop downloaded from a while back?

I verify every time I download an update, regardless of how confident I am about the website or source of the download.  Once you have GPG installed and the developers' keys imported into your keyring, verification becomes very easy and takes less than a minute.
legendary
Activity: 2730
Merit: 7065
The process remains the same for every version of the Electrum wallet that the developers release. The reason you verify the software is to make sure that you have a legitimate copy that was signed by the real developers of Electrum. You should do it for each new release because the legitimacy of an older version doesn't mean hat future ones are genuine. You could still end up with a fake wallet that someone else created and signed. So, before you upgrade to a newer version, go through the verification process again.
full member
Activity: 1792
Merit: 186
When you download and verify electrum on your laptop, what happens when there is a new electrum update?  I currently do not have electrum installed on my windows laptop.  I haven't used electrum in a while and don't remember exactly what happens but you could still use electrum with the older version right?  Anyone know how old version of electrum you can still use before you have to download the newest version?  Also, once you downloaded and verify electrum on your laptop that one time... any new electrum version update downloads... you download from electrum site... but do you still have to verify it or not?  I forgot the answer to this.



Last time on another laptop, I downloaded electrum and verified it.  Then I haven't used it for a while.  Then I noticed there was many updates after that electrum so because of that, I didn't even open the old electrum.  But as long as you download from official electrum site... do you need to verify it though even if you have the verified electrum on your laptop downloaded from a while back?
legendary
Activity: 2730
Merit: 7065
Is there a reason to to trust the official app from google play?
There have been numerous examples of scammers hosting fake wallet apps on the Play Store. You should never search for a wallet by going to the Play/App Store and using the search field there. Always go to the official wallet website, click on the genuine download links, and install the app that way.  

Verifying the pgp seems not easy on android.
I have never tried it, but it's for your own safety that you are doing it. It's better to spend a bit more time on the verification now, then to regret not having done it if something goes wrong.

Could use a computer for that but I don't want to involve a computer
It's OK to use a computer because it's easier. I have verified certain mobile apps on my computer and then sent myself the apk files or the exact download location to my phone.
newbie
Activity: 6
Merit: 1
Thank you _act_ . Is there a reason to to trust the official app from google play ?  Verifying the pgp seems not easy on android. Could use a computer for that but I don't want to involve a computer
legendary
Activity: 1064
Merit: 1298
Lightning network is good with small amount of BTC
What is the most secure way to install electrum to android. Is it via apk or official app from google play . I am not an expert on android so I was wondering if there is any reason not to trust the google play
Through the official site and verify its signature. It is recently that fake Electrum apps are not common on Playstore but you can see a fake app on Playstore at anytime.
newbie
Activity: 6
Merit: 1
What is the most secure way to install electrum to android. Is it via apk or official app from google play . I am not an expert on android so I was wondering if there is any reason not to trust the google play
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
Congrats to whoever stickied this thread then (maybe theymos while scouring the earth for mixer topics?)

I had sent PMs to the moderators of this board to no avail, but eventually theymos took pity on me.  The OP is a long post with lots of information, so I'm sure it was just a matter of taking the time to scrutinize it for safety and security's sake.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Bump (I know this conversation was already had, but why the hell isn't this stickied? Nobody's going to find this thread on page 3).

I've reported it to the mods to ask for it to be stickied, but it remains unhandled.  Maybe the active mods want to leave it to ThomasV to decide, but he's not very active so it may have gone unnoticed by him.

@ghost43 has been more active as of late, I'll send him a PM ask him to pass on the message to ThomasV.

Congrats to whoever stickied this thread then (maybe theymos while scouring the earth for mixer topics?)
legendary
Activity: 1064
Merit: 1298
Lightning network is good with small amount of BTC
I've been without access to my desktop computer for awhile so I haven't udpated electrum in roughly 1 year now. I don't remember how I verified the PGP signature before. I'm sure this question has been asked before but if I'm using a hardware wallet with electrum like a ledger nano s for example do I need to worry about my crypto being stolen still or is it just a nuisance to have to deal with it?
This thread is about how to download Electrum and verify its PGP signature, it is not about connecting hardware wallet to Electrum secure or not. It would have been better if you create a new topic about anything that is not related to this thread.

As for your question, using hardware wallet with Electrum is safe. But you have to be careful about Ledger devices becuase they are one of the worst hardware wallets so far.
member
Activity: 100
Merit: 33
I've been without access to my desktop computer for awhile so I haven't udpated electrum in roughly 1 year now. I don't remember how I verified the PGP signature before. I'm sure this question has been asked before but if I'm using a hardware wallet with electrum like a ledger nano s for example do I need to worry about my crypto being stolen still or is it just a nuisance to have to deal with it?
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
Bump (I know this conversation was already had, but why the hell isn't this stickied? Nobody's going to find this thread on page 3).

I've reported it to the mods to ask for it to be stickied, but it remains unhandled.  Maybe the active mods want to leave it to ThomasV to decide, but he's not very active so it may have gone unnoticed by him.

@ghost43 has been more active as of late, I'll send him a PM ask him to pass on the message to ThomasV.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Bump (I know this conversation was already had, but why the hell isn't this stickied? Nobody's going to find this thread on page 3).
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
I recently made some updates to the guide to clarify Linux instructions, add a list of HockeyPuck servers, and I included a link to the KDE Kleopatra site.

I also updated the signature and listed the changes in this post: https://bitcointalksearch.org/topic/m.54223765
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
~

Apparently the release was ready before Emzy had a chance to review and sign.  I think he's been busy lately with his work as a member of the Bisq team, from what I can tell. Emzy's signatures have been added to all the releases as of this morning.

You can see the timestamp of the files here: https://download.electrum.org/4.3.0/
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
Just want to to verify  Cheesy
-snip-
If so, then what happened to Stephan Oeste? Because the last time I updated Electrum, I have 3 valid signatures upon verifiying. Thank you!!
Yep, the signature file for v4.3.0 only contains two signatures:


Emzy's public key is still in Electrum's Repo: https://github.com/spesmilo/electrum/tree/master/pubkeys; His Github profile is also active: https://github.com/Emzy
It's just the signature file in the website doesn't include his signature but you can still download it from here: github.com/spesmilo/electrum-signatures/tree/master/4.3.0
legendary
Activity: 1904
Merit: 1563
Just want to to verify  Cheesy

Does the electrum's latest release 4.3.0 only signed by SomberNight and Thomas Voegtlin? Here's the result in terminal.

Quote
gpg: Good signature from "SomberNight/ghost43 (Electrum RELEASE signing key) <[email protected]>" [full]
gpg: Signature made Friday, 05 August, 2022 11:06:27 PM PST
gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>" [full]
gpg:                 aka "ThomasV <[email protected]>" [full]
gpg:                 aka "Thomas Voegtlin <[email protected]>" [full]

If so, then what happened to Stephan Oeste? Because the last time I updated Electrum, I have 3 valid signatures upon verifiying. Thank you!!
Pages:
Jump to: