Topic: [GUIDE] How to Safely Download and Verify Electrum [Guide] - page 2. (Read 20665 times)

you have to reverify every single time electrum has update?

you have to reverify every single time electrum has update?

Can electrum import the wallet from a WIF hdseed?

Lol, a lot of folks seem to get frustrated with jerry, but he doesn't bother me at all.  I imagine he's not very experienced with computers, and trying to learn general computing and crypto at the same time would be daunting for any of us.

~

Now, do i need to update electrum again if i plan to use it?

Well i kind of don't want to use electrum anymore.  Haven't used it in years and only used ledger live with the nano ledger s.

How old of an electrum can you still use without it having problems?  For example i mention the electrum version that i have on my windows pc that i installed and verified not that long ago.  But how often does electrum have an update?  Once every... how many months?  

Also when did people actually starting verifying electrum.

-snip- But is that the same with electrum or you need to verify the hash each and everytime with electrum?

Now, do i need to update electrum again if i plan to use it?

Partially correct: You won't be able to certify (sign) another persons key without your own, but you can indeed verify signed messages without your own key pair.  Technically you don't even need to download the public signing key.  The results will indicate that the message was signed by xyz key, but also mention that they key is unknown or unavailable.  As long as you're willing to confirm that key xyz is they key you expected to have signed the message you don't actually need any keys in your keyring.

Trust in a key's owner

In practice trust is subjective. For example, Blake's key is valid to Alice since she signed it, but she may not trust Blake to properly validate keys that he signs. In that case, she would not take Chloe's and Dharma's key as valid based on Blake's signatures alone. The web of trust model accounts for this by associating with each public key on your keyring an indication of how much you trust the key's owner. There are four trust levels.

unknown: Nothing is known about the owner's judgement in key signing. Keys on your public keyring that you do not own initially have this trust level.

none: The owner is known to improperly sign other keys.

marginal: The owner understands the implications of key signing and properly validates keys before signing them.

full: The owner has an excellent understanding of key signing, and his signature on a key would be as good as your own.

[...]

Using trust to validate keys

The web of trust allows a more elaborate algorithm to be used to validate a key. Formerly, a key was considered valid only if you signed it personally. A more flexible algorithm can now be used: a key K is considered valid if it meets two conditions:

1.) it is signed by enough valid keys, meaning
- you have signed it personally,
- it has been signed by one fully trusted key, or
- it has been signed by three marginally trusted keys; and

2.) the path of signed keys leading from K back to your own key is five steps or shorter.

The path length, number of marginally trusted keys required, and number of fully trusted keys required may be adjusted. The numbers given above are the default values used by GnuPG.

GPG keys can be created but with skipping the password step, by using the command line gpg --gen-key and following the on-screen instructions listed.

I believe that verifying the key does not require your own key  (and hence password) either - at least on command-line (I once verified a message from someone else's public key without my own key, but maybe I'm  misremembering. I do know that you have to set the key to be trusted while importing it though.

No no you understand me wrongly.

It was not by installing Electrum (NOT seed phrase). It was by verifiyng the signature with GPG just after the "Generate new key pair".
They ask me to create a secret phrase (I had to choose it myself). It was not by using Electrum but well GPG.
I think it's a new step.

No no you understand me wrongly.

It was not by installing Electrum (NOT seed phrase). It was by verifiyng the signature with GPG just after the "Generate new key pair".
They ask me to create a secret phrase (I had to choose it myself). It was not by using Electrum but well GPG.
I think it's a new step.

Electrum does indeed generate a 12-word secret seed phrase, that's the back up for your wallet.  The seed phrase creation part of the process is beyond the scope of my tutorial, which focuses on verifying the PGP signatures.  If you need help using Electrum there is plenty of information in this sub-forum, or feel free to create another thread to ask your specific questions.

-They ask me to create a "secret" sentence (I don't remember in which step sorry but it wasn't in the tutorial I think. except this, the tutorial was gratand really well explained)

I am not sure 100% that it works because I can't open the file  (.asc) but I guess it's normal because GPG is not installed yet.