Topic: [GUIDE] How to Safely Download and Verify Electrum [Guide] - page 5. (Read 51178 times)

In what part of direwolf instructions had you download electrum installer exe?  There was zero mention of this.  All it said was download electrum so I clicked in the installer and then it downloaded.  You are telling me I'm not suppose to click on windows installer and click on standalone executable instead?



Anytime i ever downloaded electrum, I always clicked on windows installer.  I never even heard of anyone clicking on standalone executable to download electrum since the preferred way is always windows installer.  



When you say save electrum installer exe and the signature file asc files on the same directory, can you explain it in a way where someone that isn't that tech savy could understand?  Do i just left it and thats all or i need right click it and save link as?   I had wondered why in the youtube video and in the other instruction they mentioned these two files... since I thought how do you even get an exe file.

Save electrum installer (.exe) and the signature file (.asc) on the same directory and make sure they have the same name (electrum-4.1.5-setup.exe and electrum-4.1.5-setup.asc). Try again and see if this solves the problem.

The proper way to solve this is explained here, though. But, just for the moment, try what I suggested so we don't complicate things any further.

When I right click on the electrum downloaded file and verify... i get a new box that opens


Decrypt/Verify Files - Kleopatra


Choose operations to be performed
Here you can check and, if needed, override the operations kleopatra detected for the input given



Input file:  c:/users/myname/downloads/electrum-4.1.5-setup.exe


No check mark on   Input files is a detached signature


No check mark on   Input file is an archive:  unpack with




Check mark on      Create all output files in a single folder


Output folder:  c:/users/myname/downloads




The only thing i can do on this page is either click on Decrypt/Verify... or cancel


Or


Click on those two input files and make it a check mark...

---

khaled- If you are telling me what I typed below is not what is suppose to show after you right click electrum download setup file and click verify... then I don't know what to say.  


What has me frustrated is when you have people say verifying electrum should not take more than a few minutes, yet the instructions are not even as clear as possible... and three different instruction tutorial shows literally three different ways to verify electrum, that is a problem.


Multiple times already after clicking something or doing something as in the instructions, I get some weird or strange message pop up that I never seen before etc.  I can't believe there isn't an updated video on youtube where someone shows how this is done and you could clearly follow step by step how to do all of this.  That youtube video that I had looked at, even if i followed that video step by step, I would wonder how come it didn't ask me to create a passphrase like in the video after putting in name and a password.

I got what i posted above...

Yes, this is it.

No, click on verify not decrypt/verify.
What do you get?

The electrum I file I downloaded is called


electrum-4.1.5-setup



Is that correct?  I clicked on more gpgex options and verify.



Do i just click decrypt/verify as is?  Or do i need to put a check mark to input file is a detached signature?  If you do that, the singed data line opens  up where you can type something to it.

---

At the bottom theres a check mark on


Create all output files in a single folder


output folder:  c:/uers/myname/downloads

^^
Because you didn't verify the electrum file yet.
As I suggested in PMs, right click on the Electrum file (you downloaded from electrum.org), you should see more gpgex options -> verify, click on it.
After Kleopatra finishes verifying the file, it should show "valid signature" and that's it!

If it shows a warning saying simething like "This key is not certified with a trusted signature", just ignore it since the fingerprint is correct.

I just saw a message of shows certificate successful.  But it doesn't look anything like the pictures in direwolf photos with a popup with green text.  There was nothing like this.  It literally shows a small message in a box that said shows certificate successful and that was it...


Also at no point did it even ask me to create a passphrase to protect my key...

Shows certificate successful.


I now see the user id as certified.  So that is done correctly right?



Now when i click on my certificates, I also see my name and email that i created right above Thomas.  So there is suppose to be my account and Thomas account on all certificates now?


Also, im confused why it shows




All certificates   Imported Certificates  Imported Certificates


Why is there an extra imported certificates tab?  IF you click on either of them, its the same exact thing?




How come I never got to the message  of The software will check the integrity of the .exe file and compare it to the signature file.  If the signature matches the .exe file you'll see a window like this pop up with green text:  Also when am i suppose to click on signatures next to windows installer?  You said I have to do this in the end.

Yes.

I right clicked on the Thomas Voegtlin and just deleted it.  Then I clicked import and imported the same ThomasV.asc file.  Now I see what I believe I'm suppose to see



Certify Certificate:  Thomas Voegtlin (https://electrum.org) - kleopatra

Finger print  6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
Only the fingerprint clearly identifies the key and its owner
Certify with    white check mark with green background my name- my fake email


Then you see the three Thomas with check mark on each three of these.




Click certify?

I know its supposed to be simple.  Just look at my post above to see what shows up in my next page after i enter a name just fake email address.  It gives me a key pair long key.  Then i just click next and now im in a page where I never seen before in any instruction.

This makes zero sense.


After I entered my name and put in a fake email address.. i just put [email protected] then clicked next.  It showed a key pair i created?  Why does it do that?  I wrote it down on paper anyway.


Then I click next and it shows


Certify Certificate  - Kleoptra


Fingerprint

Only the fingerprint clearly identifieds the key and its owner.


Certify with   -   Shows check mark with my name -  [email protected] (certified, created today's date)   You can click on the dropdown menu on this but its only option



You can't even click on certify.  Its that or cancel.  There is also advanced and when I click it it opens


Certify for everyone to see (exportable)  unchecked

Expiration   unchecked

Certify as trusted introducer   unchecked



What in the world is this?

No, you can just use any combination, you won't be asked to confirm it. Remember, you just need to verify the authenticity of a file. Not, to communicate using PGP. Have you managed to certify Thomas or not yet?

This is supposed to be simple, I don't understand what's the hassle.

Okay I am on imported certificates and right click certify.


Then i get message to first create an OpenPGP certificate for yourself.  Do you wish to create one now?  I click yes.


I still need to enter a name and email right?  Does the email need to be an email I use and have access to?  It shows optional but I can put a fake name but make sure the email is an email i have access to?  I don't want to use my primary email for this but should I?  I do have a few other emails.  So use that?

What I typed above is under imported certificates.  If I click on All certificates, its the same thing there... EXCEPT you can't see the full words not certified and its like not cer...   and you don't see the full key-id... unless you stretch it?



If I rlght click on Thomas Voegitlin under all certificates or imported certificates, yes i can click on certify.



Do i do this under imported certificates or all certificates or it doesn't matter?

I closed kleoptra and reopened it.


it displays the same thing before I closed it





Name                                                                 email                               user id                          valid from        valid until    key-id


Thomas Voegtlin (https//electrum.org)                  [email protected]       not certified                     6/5/2011                      xxxxxxxxxxxx



The key id contains numbers and letters but i just typed xxxxxxxxx.



I assume I need to right click on the whole thing and delete it?  Then click import and click on the ThomasV.asc file again?  Because if I just import the same file again... it would show like two of these files?

Please don't edit your posts frequently, because I don't know where/if I should respond.

Thomas' key is probably imported, even though it didn't prompt you this "certify" message. What does it show you in All Certificates (main form of Kleopatra)? You should see a "Thomas Voegtlin". Right click to it and click "Certify".

Whether you follow DireWolf's instructions or the YouTuber's, you're going to have it verified.

https://www.youtube.com/watch?v=lCG3c8a7HZI


So the message that showed up for me after I imported that ThomasV key is what you see right at the beginning of 3:52.  Its the first box you see with the Certificate Import Result- Kleopatra which show the total number processed, imported, changed.  I remember the numbers shown was the exact ones on that video.  That was the box I closed.  I then just X it instead of clicking okay.  But that message of you have imported a new certificate key where it ask you to certify... I never saw this message.



The video... I used it as reference but I am still following direwolf instructions as others suggested to just follow direwolf instructions here.  So what do i do now?  Do I close kleopatra and reopen it and do the samet hing again?

Kleopatra probably wants you to create a pair, even though it's not required if you just want to verify a signature of an executable. Anyway, create it, it's not toilsome. Do it just to move on.

As for your question, you probably need to repeat it, yeah. Would you mind sharing the video?