Pages:
Author

Topic: [GUIDE] How to Safely Download and Verify Electrum [Guide] - page 2. (Read 51183 times)

legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
you have to reverify every single time electrum has update?
If you already set-up a machine with the necessary GPG tools,
you don't have to set it up all over again so there's not much hassle to verify the new version.

Usually, you'll just have to redo the last step which is the actual verification; in the OP, it's the "Download and Verify Electrum" step.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
you have to reverify every single time electrum has update?

You absolutely should, yes.  Murphy's law; the one time you decide to skip verification will be the time you download malware and lose all your coins.  Once the initial setup is done, verification takes less than a minute.  Git 'er done.
full member
Activity: 1750
Merit: 186
you have to reverify every single time electrum has update?
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
Can electrum import the wallet from a WIF hdseed?
The one from Bitcoin Core dumpwallet file or similar? If so, no.
Electrum only accepts Seed Phrase (Electrum or BIP39), Master private keys or individual WIF private keys (for a single address) to restore a non-watching-only wallet.
member
Activity: 77
Merit: 35
Can electrum import the wallet from a WIF hdseed?
legendary
Activity: 2730
Merit: 7065
Lol, a lot of folks seem to get frustrated with jerry, but he doesn't bother me at all.  I imagine he's not very experienced with computers, and trying to learn general computing and crypto at the same time would be daunting for any of us.
Most people active in the technical boards have stopped responding in his topics altogether. I have no problems helping anyone if I can. The problem with Jerry is that you tell him something yesterday and he asks the same thing today. Next week, he will ask it again. The perfect examples are updates to Ledger Live and the crypto apps. Should I update, when should I update, what percentage of the world population already updated, can I lose my coins if I update, will I get a virus when I update, a new version came out last week, do I need to update this time...

The chances of Bitcoin switching to POS are greater than the chances of Jerry not asking about an update.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
~

Lol, a lot of folks seem to get frustrated with jerry, but he doesn't bother me at all.  I imagine he's not very experienced with computers, and trying to learn general computing and crypto at the same time would be daunting for any of us.  Even if he over-thinks things from time to time, at least he's making the effort and being thorough, which is to be commended. 

Most of us who are more technically capable have probably been using computers for years (or decades, in my case) before getting into crypto.  Obviously that's bound to provide an advantage.
legendary
Activity: 2730
Merit: 7065
Now, do i need to update electrum again if i plan to use it?
You literally replied to one of my posts a few hours ago saying you don't want to use Electrum anymore because you prefer Ledger Live.

Well i kind of don't want to use electrum anymore.  Haven't used it in years and only used ledger live with the nano ledger s.

And here you are asking whether or not you should verify the newer versions of the software. You should verify each new Electrum version before installing it on your computer no matter how often they come out.

Cypress Hill - Insane In The Brain
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
How old of an electrum can you still use without it having problems?  For example i mention the electrum version that i have on my windows pc that i installed and verified not that long ago.  But how often does electrum have an update?  Once every... how many months?  
Not depending on months, it depend if there's a major bug in the version that you're using or if there's a new feature that you need from the latest release.
You can refer to the release notes in my previous post to check what's changed.

Now, it's safe to assume that your currently installed v4.1.5 can work without issues.

Also when did people actually starting verifying electrum.
I can only guess based from the archived page of electrum.org.
Ever since the start, they've added a simple checksum (MD5 Hash) to check if the downloaded binary is the same as the release.
But that's not the verification we're doing now.

If archive.org's dates are accurate, they've started including signatures in 2013.
electrum.org/download: March 2013 - MD5 checksum and signature
electrum.org/download: January 2013 - just MD5 checksum
full member
Activity: 1750
Merit: 186
How old of an electrum can you still use without it having problems?  For example i mention the electrum version that i have on my windows pc that i installed and verified not that long ago.  But how often does electrum have an update?  Once every... how many months? 


But you could still use it with no issue as long as its at least electrum x.x version?  Back then recall i rarely ever updated it.



Also when did people actually starting verifying electrum.  Back when i used it long time ago, i never did that.  Had no clue you had to do it or even heard of people talk about verifying it.  Did this all come about years ago because of the electrum fake message of telling me people to download the fake electrum which caused this whole you need to verify electrum?  Because if that is the case, that make sense.  But back then, nobody did that?  But as long as you download electrum from the official site... and by that i mean you actually type the address on the address bar yourself as oppose to google.... there hasn't been a case of fake electrum correct?
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
-snip- But is that the same with electrum or you need to verify the hash each and everytime with electrum?
Electrum is different,
It's in-app notification will only prompt you to download the latest version from the official website linked in the "update check".
It wont be downloaded and installed by the app itself.

It's basically the same as downloading a new binary that's not linked to your previously verified file.
So it's still recommended to verify the new binary every time there's a new update.

Now, do i need to update electrum again if i plan to use it?
It's up to you if you want the new version's features or need the bug fixes. (release notes)
full member
Activity: 1750
Merit: 186
Downloaded and verified electrum few months ago.  This was with electrum version 4.1.5 on windows ten laptop.  The I entered my old electrum seed phrase to restore the old electrum wallet.  The old electrum wallet does not have any btc.  You do see all the history of transactions from a while back.


Now, do i need to update electrum again if i plan to use it?  Now can you update electrum from electrum settings... or you need to go to electrum site and download the newest electrum version and then have to verify it again?  Or is that not necessary anymore? 


Do you need to verify electrum each time there is a new version and you need to verify it?  Recall with ledger live, once you verify ledger live just once on your windows pc, anytime there is a ledger live update showing in top right corner, you can just click that and update it because ledger live has already been verified.  But is that the same with electrum or you need to verify the hash each and everytime with electrum?
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
I believe that verifying the key does not require your own key  (and hence password) either - at least on command-line (I once verified a message from someone else's public key without my own key, but maybe I'm  misremembering. I do know that you have to set the key to be trusted while importing it though.

Partially correct: You won't be able to certify (sign) another persons key without your own, but you can indeed verify signed messages without your own key pair.  Technically you don't even need to download the public signing key.  The results will indicate that the message was signed by xyz key, but also mention that they key is unknown or unavailable.  As long as you're willing to confirm that key xyz is they key you expected to have signed the message you don't actually need any keys in your keyring.
Setting a key to trusted shouldn't normally be done if you don't actually trust it. There are various trust levels and PGP does ask you about the level of confidence you have that this key actually belongs to the person (name and email) provided.

This is necessary to create PGP's web of trust.


Trust in a key's owner

In practice trust is subjective. For example, Blake's key is valid to Alice since she signed it, but she may not trust Blake to properly validate keys that he signs. In that case, she would not take Chloe's and Dharma's key as valid based on Blake's signatures alone. The web of trust model accounts for this by associating with each public key on your keyring an indication of how much you trust the key's owner. There are four trust levels.

unknown: Nothing is known about the owner's judgement in key signing. Keys on your public keyring that you do not own initially have this trust level.

none: The owner is known to improperly sign other keys.

marginal: The owner understands the implications of key signing and properly validates keys before signing them.

full: The owner has an excellent understanding of key signing, and his signature on a key would be as good as your own.

[...]

Using trust to validate keys

The web of trust allows a more elaborate algorithm to be used to validate a key. Formerly, a key was considered valid only if you signed it personally. A more flexible algorithm can now be used: a key K is considered valid if it meets two conditions:

1.) it is signed by enough valid keys, meaning
- you have signed it personally,
- it has been signed by one fully trusted key, or
- it has been signed by three marginally trusted keys; and

2.) the path of signed keys leading from K back to your own key is five steps or shorter.

The path length, number of marginally trusted keys required, and number of fully trusted keys required may be adjusted. The numbers given above are the default values used by GnuPG.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
GPG keys can be created but with skipping the password step, by using the command line gpg --gen-key and following the on-screen instructions listed.

Correct, when using CLI commands you are prompted for a password, but you can leave it blank and press the enter key.

I believe that verifying the key does not require your own key  (and hence password) either - at least on command-line (I once verified a message from someone else's public key without my own key, but maybe I'm  misremembering. I do know that you have to set the key to be trusted while importing it though.

Partially correct: You won't be able to certify (sign) another persons key without your own, but you can indeed verify signed messages without your own key pair.  Technically you don't even need to download the public signing key.  The results will indicate that the message was signed by xyz key, but also mention that they key is unknown or unavailable.  As long as you're willing to confirm that key xyz is they key you expected to have signed the message you don't actually need any keys in your keyring.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
No no you understand me wrongly.

It was not by installing Electrum (NOT seed phrase). It was by verifiyng the signature with GPG just after the "Generate new key pair".
They ask me to create a secret phrase (I had to choose it myself). It was not by using Electrum but well GPG.
I think it's a new step.

GPG keys can be created but with skipping the password step, by using the command line gpg --gen-key and following the on-screen instructions listed.

I believe that verifying the key does not require your own key  (and hence password) either - at least on command-line (I once verified a message from someone else's public key without my own key, but maybe I'm  misremembering. I do know that you have to set the key to be trusted while importing it though.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
-They ask me to create a "secret" sentence (I don't remember in which step sorry but it wasn't in the tutorial I think. except this, the tutorial was gratand really well explained)

Electrum does indeed generate a 12-word secret seed phrase, that's the back up for your wallet.  The seed phrase creation part of the process is beyond the scope of my tutorial, which focuses on verifying the PGP signatures.  If you need help using Electrum there is plenty of information in this sub-forum, or feel free to create another thread to ask your specific questions.



No no you understand me wrongly.

It was not by installing Electrum (NOT seed phrase). It was by verifiyng the signature with GPG just after the "Generate new key pair".
They ask me to create a secret phrase (I had to choose it myself). It was not by using Electrum but well GPG.
I think it's a new step.

Yes, I must have misunderstood, sorry for that.  You are correct; when you create a GPG keypair the software does prompt you to create a password or a secret phrase.  I'll take a look at the tutorial and make sure it's more clearly mentioned.  Thanks for the suggestion.
newbie
Activity: 23
Merit: 14
-They ask me to create a "secret" sentence (I don't remember in which step sorry but it wasn't in the tutorial I think. except this, the tutorial was gratand really well explained)

Electrum does indeed generate a 12-word secret seed phrase, that's the back up for your wallet.  The seed phrase creation part of the process is beyond the scope of my tutorial, which focuses on verifying the PGP signatures.  If you need help using Electrum there is plenty of information in this sub-forum, or feel free to create another thread to ask your specific questions.



No no you understand me wrongly.

It was not by installing Electrum (NOT seed phrase). It was by verifiyng the signature with GPG just after the "Generate new key pair".
They ask me to create a secret phrase (I had to choose it myself). It was not by using Electrum but well GPG.
I think it's a new step.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
-They ask me to create a "secret" sentence (I don't remember in which step sorry but it wasn't in the tutorial I think. except this, the tutorial was gratand really well explained)

Electrum does indeed generate a 12-word secret seed phrase, that's the back up for your wallet.  The seed phrase creation part of the process is beyond the scope of my tutorial, which focuses on verifying the PGP signatures.  If you need help using Electrum there is plenty of information in this sub-forum, or feel free to create another thread to ask your specific questions.

newbie
Activity: 23
Merit: 14
I have completed it and the signature is verified. So good news Electrum software seems good!

For DireWolf, one complementary info for the tutorial :
-They ask me to create a "secret" sentence (I don't remember in which step sorry but it wasn't in the tutorial I think. except this, the tutorial was gratand really well explained)

Thanks for the help of everyone.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I am not sure 100% that it works because I can't open the file  (.asc) but I guess it's normal because GPG is not installed yet.
Yes, you should first install GPG and then open the file with it.
Pages:
Jump to: