Author

Topic: md5 or sha1 for Electrum 3.0.1 (Read 342 times)

sr. member
Activity: 443
Merit: 260
November 11, 2017, 05:51:35 AM
#8
OK, thank you very much for your explanation!
HCP
legendary
Activity: 2086
Merit: 4361
November 11, 2017, 03:13:04 AM
#7
What the output is showing you, is that the file is indeed signed by ThomasV's key:
Quote
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>" [unknown]
gpg:                 aka "ThomasV <[email protected]>" [unknown]
gpg:                 aka "Thomas Voegtlin <[email protected]>" [unknown]

However, because you have not explicitly stated that you trust that key (ie. it's not in your personal circle of trust) nor is it trusted by any of your "trusted" signatures... you end up with the "scary" warning:
Quote
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

If you are satisfied that the key you have for ThomasV is trustworthy... and that ThomasV is a trustworthy person (because if you trust ThomasV, depending the level, by default you'll trust HIS trusted keys), you can add ThomasV's key to your list of trusted keys... then when you check the signatures, you won't get the warning.

As mentioned, there are various levels of "trust", and it can be a very subjective thing. Refer: https://www.gnupg.org/gph/en/manual/x334.html for more info
sr. member
Activity: 443
Merit: 260
November 11, 2017, 02:21:15 AM
#6
Well I tried a few other commands incluing creation of my private key. Maybe this did it?

Anyway: The second command gives me:

Code:
D:\Programme\Electrum>gpg --verify electrum-3.0.1.exe.asc electrum-3.0.1.exe
gpg: Signature made 11/06/17 19:44:36 Mitteleuropõische Zeit
gpg:                using RSA key 2BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) " [unknown]
gpg:                 aka "ThomasV " [unknown]
gpg:                 aka "Thomas Voegtlin " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6

Btw: I want to check the Standalone Executable and not the installer, but this shouldn't be the issue I think.

Ah OK: So I can Ignore the WARNING? ... Because it kind of reads serious :-)
HCP
legendary
Activity: 2086
Merit: 4361
November 11, 2017, 02:14:35 AM
#5
That looks OK... seems that you already have the key loaded on your system? Huh

Did you download the .asc file? you might need to right click on it and select "save link as"... save it in the same folder as the .exe

Then just try running the 2nd command: gpg --verify electrum-3.0.1-setup.exe.asc electrum-3.0.1-setup.exe

sr. member
Activity: 443
Merit: 260
November 11, 2017, 02:02:40 AM
#4
Thank you both ... I want to try GnuPG but I believe I need some troubleshooting

Yes I am on Windows and installed GnuPG.

But the first command results in

Code:
D:\Programme\Electrum>gpg --recv-keys 7F9470E6
gpg: key 2BD5824B7F9470E6: 75 signatures not checked due to missing keys
gpg: key 2BD5824B7F9470E6: "Thomas Voegtlin (https://electrum.org) " not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
HCP
legendary
Activity: 2086
Merit: 4361
November 11, 2017, 01:49:49 AM
#3
i am assuming you have windows and here are the hashes for Windows Installer (https://download.electrum.org/3.0.1/electrum-3.0.1-setup.exe). use at your own risk.

MD5
Code:
1c21679b30d38d3d9968cb9cb8cff65b

SHA1
Code:
97c20adb2bd07b3a5d8bf22d59740b7b608b8d72
If it makes you feel any better... and it probably shouldn't, because MD5 and SHA1 don't really prove much... but I got the same hashes as Pooya87

Quote
---------------------------
Checksum information
---------------------------
Name: electrum-3.0.1-setup.exe
Size: 27657120 bytes (26 MB)

SHA1: 97C20ADB2BD07B3A5D8BF22D59740B7B608B8D72
Quote
;     27657120  00:30.23 2017-11-08 electrum-3.0.1-setup.exe
1c21679b30d38d3d9968cb9cb8cff65b *electrum-3.0.1-setup.exe
legendary
Activity: 3472
Merit: 10611
November 10, 2017, 11:44:53 PM
#2
i would recommend that you check the PGP signatures instead, specially if you are about to store some funds in this wallet that you jut downloaded. it is not hard to do it under windows. https://ssd.eff.org/en/module/how-use-pgp-windows
and it is super easy in Linux.

i am assuming you have windows and here are the hashes for Windows Installer (https://download.electrum.org/3.0.1/electrum-3.0.1-setup.exe). use at your own risk.

MD5
Code:
1c21679b30d38d3d9968cb9cb8cff65b

SHA1
Code:
97c20adb2bd07b3a5d8bf22d59740b7b608b8d72


an screenshot of the steps:
sr. member
Activity: 443
Merit: 260
November 10, 2017, 04:13:26 PM
#1
Hello,

Can someone post a valid md5 or sha1 hash for Electrum 3.0.1.

I downloaded the file and want to check it before running.

I don't have PGP and a Google search showed that this will not be a quick check if you don't have the software and so on Smiley
Jump to: