Author

Topic: How to verify your Electrum [Windows, Linux, Mac] (Read 634 times)

newbie
Activity: 28
Merit: 2
February 17, 2019, 03:20:54 PM
#8


3. then type:

Code:
gpg --recv-keys 2BD5824B7F9470E6

Better if you use:  
Code:
gpg --recv-keys 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6

I have a tutorial waiting on Github.

https://github.com/spesmilo/electrum-docs/pull/84/files
newbie
Activity: 11
Merit: 0
legendary
Activity: 3472
Merit: 10611
Don't work search in Kleopatra
Smb know why?

You probably entered incorrect string, use Tor (sometimes it doesn't work when using Tor in my case) or something wrong happen wit the server (AFAIK they search on https://pgp.mit.edu where i got error 502/503)

i have encountered the same problem without Tor where the pgp.mit.edu server itself is offline and unreachable which is why you also get an error in PGP applications trying to fetch the public key. changing the key server fixes that problem.
Code:
gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6
https://superuser.com/a/1250706
or for Kleopatra i think this article can help: https://www.gpg4win.org/doc/en/gpg4win-compendium_22.html
newbie
Activity: 11
Merit: 0
Don't work search in Kleopatra
Smb know why?
sr. member
Activity: 910
Merit: 351
You can also use GPA in Linux. Just an alternative version (more UI friendly than GPG) of GPG in Linux. I use both though.
copper member
Activity: 236
Merit: 17
Mac:

1. install homebrew from http://brew.sh/

2. using homebrew install gnupg:

Code:
brew install gnupg

3. then type:

Code:
gpg --recv-keys 2BD5824B7F9470E6

you will see these messages:

Quote
gpg: requesting key 7F9470E6 from hkp server pgp.mit.edu
gpg: key 7F9470E6: "Thomas Voegtlin (https://electrum.org) <[email protected]>" 10 new signatures
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:         new signatures: 10

4. download Electrum and sign file (.asc file) from https://electrum.org for example:

Code:
wget https://download.electrum.org/3.3.6/Electrum-3.3.6.tar.gz
wget https://download.electrum.org/3.3.6/Electrum-3.3.6.tar.gz.asc

5. now verify files:

Code:
gpg --verify Electrum-3.3.6.tar.gz.asc Electrum-3.3.6.tar.gz

you will see these messages:

Quote
gpg: Signature made Fri Jan 25 19:51:07 2019 UTC using RSA key ID 7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>"
gpg:                 aka "ThomasV <[email protected]>"
gpg:                 aka "Thomas Voegtlin <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6

as you see in second line it tell us `Good signature`. then that is correct version.

if you see these messages:

Quote
gpg: Signature made Fri Dec 21 22:08:41 2018 UTC using RSA key ID 7F9470E6
gpg: BAD signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>"

that tell you `BAD signature`. then you are in danger or downloaded incorrect .asc file (for example for different version).
 


donation: 1JTBZEprk8pdSUtkQyFLVUy45g6x8cKoyJ

copper member
Activity: 236
Merit: 17
Linux:

1. open a terminal and enter:

Code:
sudo apt-get install gnupg

2. then type:

Code:
gpg --keyserver pgp.mit.edu --recv-keys 7F9470E6

you will see these messages:

Quote
gpg: requesting key 7F9470E6 from hkp server pgp.mit.edu
gpg: key 7F9470E6: "Thomas Voegtlin (https://electrum.org) <[email protected]>" 10 new signatures
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:         new signatures: 10

3. download Electrum and sign file (.asc file) from https://electrum.org for example:

Code:
wget https://download.electrum.org/3.3.6/Electrum-3.3.6.tar.gz
wget https://download.electrum.org/3.3.6/Electrum-3.3.6.tar.gz.asc

4. now verify files:

Code:
gpg --verify Electrum-3.3.6.tar.gz.asc Electrum-3.3.6.tar.gz

you will see these messages:

Quote
gpg: Signature made Fri Jan 25 19:51:07 2019 UTC using RSA key ID 7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>"
gpg:                 aka "ThomasV <[email protected]>"
gpg:                 aka "Thomas Voegtlin <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6

as you see in second line it tell us `Good signature`. then that is correct version.

if you see these messages:

Quote
gpg: Signature made Fri Dec 21 22:08:41 2018 UTC using RSA key ID 7F9470E6
gpg: BAD signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>"

that tell you `BAD signature`. then you are in danger or downloaded incorrect .asc file (for example for different version).
 


donation: 1JTBZEprk8pdSUtkQyFLVUy45g6x8cKoyJ
copper member
Activity: 236
Merit: 17
How to verify Electrum (for Windows, Linux and Mac)

Windows:

1. Download and install gpg4win from here: https://www.gpg4win.org/get-gpg4win.html
 
2. After installation open Kleopatra and click on Lookup on Server.

3. Type 2BD5824B7F9470E6 (ThomasV sign) in Find field and click on Search.

4. Select 'ThomasV' from list or click on Select All and then click on Import
 

  
5. If you want to see a green verification message in last step, follow step 5.1 otherwise click on No and go to step 6.

5.1. To see green verification message, click Yes in dialog that ask you to confirm certification process:



at this point if you haven`t PGP sign, you will be asked to create one. do it by typing your name and email and follow wizard steps and set your key pair password and then click on Finish:



Select all IDs from Certification Dialog and check `I have verified the fingerprint` and click Next and then click Certify, you will be asked to type password you set and then click on Finish:



6. Now download setup file and signature file from official website: https://electrum.org/#download
 


7. click on signature file and you will see verification. if you get green message your version is correct. if you get red message you are in danger! (if you ignored step 5.1 you will get a white message instead green and it is OK too).
 

 


donation: 1JTBZEprk8pdSUtkQyFLVUy45g6x8cKoyJ



 
Jump to: