Recently I saw this 2-step guide for linux, and if you use linux it is very simple and straightforward.
But if you use Windows, which many beginners do, the process is a little bit more complicated.
This is a step by step guide how to do that on Windows 7 with the latest electrum 3.1.3.
1. Go to PGP4Win website and download pgp for windows.
https://www.gpg4win.org/get-gpg4win.html
Note: You don't have to donate anything (choose $0) but you can if you would like to support the project. Once the file is downloaded, install the package. The default options are fine.
2. Download the Electrum setup file. Go to the Electrum website:
https://electrum.org/#download
Download the Windows installer and the signature file (right click on signature and "save link as...")
At this point you should have these two files somewhere on your computer:
electrum-3.1.3-setup.exe
electrum-3.1.3-setup.exe.asc
For now, don't install Electrum. We have to check it first.
3. Next step is to get the ThomasV's ID key. It is 7F9470E6 (this is the short id of his public key)
If you don't believe me (and you shouldn't probably since you don't know me), you can see it for yourself. Go to the download page of Electrum once again. Find the line near the top saying:
Sources and executables are signed by ThomasV.
Click on the ThomasV. link.
You will land on the following page:
where the keyID of ThomasV. can easily be identified.
4. Open the windows command prompt [(Win + R keys) and then type cmd].
Navigate to the folder where your downloaded electrum-3.1.3-setup.exe and electrum-3.1.3-setup.exe.asc files are
5. Import the ThomasV's key.
6. Finally, verify the setup file:
(Note: the order is important, first the signature file, then the file to be verified)
If the installation file is genuine, the output of the above command should contain a line like this:
If the output contains a line like this:
you can safely disregard the warning.
Now you can be sure that the downloaded Electrum is indeed legit, and you can safely install it on your system.