Author

Topic: How can I validate Electrum Windows version download ? (Read 976 times)

legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Yes I have imported Thomas V key in Kleopatra. Right now I have that key and also an earlier one I imported for another software (armoury).
But what use is this key if when selecting in Kleopatra File-Decrypt/Verify Files it only asks for the EXE and the ASC file, no mention of the certificate?
https://s24.postimg.org/v212s0kth/pic_certificate_in_kleopatra.jpg
My bad. Not particularly familiar with that PGP program. The asc file is the signature of the exe file using ThomasV's key. Hence, if the asc file verifies that the program signs using the key and the PGP key is what you imported, the client would tell you that the program is signed by ThomasV.

Okay, lets check the steps:
1. The asc file should be: electrum-2.7.12-setup.exe.asc[1]
2. The program file should be 38.7MB.[2]

It is likely that the 2nd is the problem.

[1] https://download.electrum.org/2.7.12/electrum-2.7.12-setup.exe.asc
[2] https://download.electrum.org/2.7.12/electrum-2.7.12-setup.exe
full member
Activity: 204
Merit: 100
Thanks for your explanation.
I am trying to do it as in an older thread (https://bitcointalksearch.org/topic/help-with-checking-signature-of-electrum-download-1113222) which says:

Download Animazing's PGP key   (<--- replace with ThomasV)
Open up Kleopatra and go to File > Decrypt/Verify Files ...
Select the the electrum-2.3.2-setup.exe.asc.
Check the box for detached signature.
Click the button next to the first text box and select the setup exe file.
Click Decrypt/Verify and it will verify the signature.


But I'm getting:
https://s23.postimg.org/gobm4576z/electrum_signature_bad.jpg

[img]https://s23.postimg.org/gobm4576z/electrum_signature_bad.jpg[img]

Also don't know about the first step of downlowding the PGP key. I did so anyway, it's in Kleopatra with Thomas Voegtlin.


?
You are supposed to import the PGP key.

Since you didn't import it, the client does not know whose PGP key is 0x2BD5824B7F9470E6. Your pgp client would probably not say that the PGP key is fine if you don't import/specify that the client should ensure that the signature should verify to 0x2BD5824B7F9470E6.

Since it does indeed verifies that 0x2BD5824B7F9470E6(ThomasV's key) has signed the program, the program is authentic.

Yes I have imported Thomas V key in Kleopatra. Right now I have that key and also an earlier one I imported for another software (armoury).
But what use is this key if when selecting in Kleopatra File-Decrypt/Verify Files it only asks for the EXE and the ASC file, no mention of the certificate?
https://s24.postimg.org/v212s0kth/pic_certificate_in_kleopatra.jpg
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Thanks for your explanation.
I am trying to do it as in an older thread (https://bitcointalksearch.org/topic/help-with-checking-signature-of-electrum-download-1113222) which says:

Download Animazing's PGP key   (<--- replace with ThomasV)
Open up Kleopatra and go to File > Decrypt/Verify Files ...
Select the the electrum-2.3.2-setup.exe.asc.
Check the box for detached signature.
Click the button next to the first text box and select the setup exe file.
Click Decrypt/Verify and it will verify the signature.


But I'm getting:
https://s23.postimg.org/gobm4576z/electrum_signature_bad.jpg

[img]https://s23.postimg.org/gobm4576z/electrum_signature_bad.jpg[img]

Also don't know about the first step of downlowding the PGP key. I did so anyway, it's in Kleopatra with Thomas Voegtlin.

?
You are supposed to import the PGP key.

Since you didn't import it, the client does not know whose PGP key is 0x2BD5824B7F9470E6. Your pgp client would probably not say that the PGP key is fine if you don't import/specify that the client should ensure that the signature should verify to 0x2BD5824B7F9470E6.

Since it does indeed verifies that 0x2BD5824B7F9470E6(ThomasV's key) has signed the program, the program is authentic.
full member
Activity: 204
Merit: 100
Thanks for your explanation.
I am trying to do it as in an older thread (https://bitcointalksearch.org/topic/help-with-checking-signature-of-electrum-download-1113222) which says:

Download Animazing's PGP key   (<--- replace with ThomasV)
Open up Kleopatra and go to File > Decrypt/Verify Files ...
Select the the electrum-2.3.2-setup.exe.asc.
Check the box for detached signature.
Click the button next to the first text box and select the setup exe file.
Click Decrypt/Verify and it will verify the signature.


But I'm getting:
https://s23.postimg.org/gobm4576z/electrum_signature_bad.jpg

The message is:
electrum-2.7.12.exe.asc: invalid signature
Signed with unknown certificate 0x2BD5824B7F9470E6
The sigature is bad

[img]https://s23.postimg.org/gobm4576z/electrum_signature_bad.jpg[img]

Also don't know about the first step of downlowding the PGP key. I did so anyway, it's in Kleopatra with Thomas Voegtlin.

?
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Can someone point me to how to do this as I couldn't find any information on the official website?
It's there in the download page. All the downloads are signed with ThomasV's signature.

Download the signature file (.asc) and use a PGP program to verify it. Pretty good tutorial here:https://www.torproject.org/docs/verifying-signatures.html.en.

So, replace the .asc and the program file with Electrum's and ThomasV's key is 0x2BD5824B7F9470E6.
Thanks and Happy New Year $1024 bitcoin right now Wink
Happy new year! Oh hell, I sold some coins at $900.
full member
Activity: 204
Merit: 100
Can someone point me to how to do this as I couldn't find any information on the official website?

Thanks and Happy New Year $1024 bitcoin right now Wink
Jump to: