Es wäre vielleicht auch gut wenn wir hier irgendwo für Anfänger einen Link posten würden, der sie auf die richtige Downloadquelle verweist?
Electrum würde ich ausschließlich über
https://electrum.org/#download herunterladen.
Hierbei ist es essentiell die Echtheit der heruntergeladenen Dateien via GPG Signatur zu verifizieren. Anbei der Hinweis auf der Website von Electrum:
How to verify GPG signatures
GPG signatures are a proof that distributed files have been signed by the owner of the signing key. For example, if this website was compromised and the original Electrum files had been replaced, signature verification would fail, because the attacker would not be able to create valid signatures. (Note that an attacker would be able to create valid hashes, this is why we do not publish hashes of our binaries here, it does not bring any security).
In order to be able to verify GPG signatures, you need to import the public key of the signer. Electrum binaries are signed with ThomasV's public key. On Linux, you can import that key using the following command: gpg --import ThomasV.asc. Here are tutorials for Windows and MacOS. When you import a key, you should check its fingerprint using independent sources, such as here, or use the Web of Trust.
Quelle: https://electrum.org/#downloadAuf der Website von Electrum findet man ein Tutorial (
How to Verify an Electrum Download on Windows) wie das verifizieren der Signatur funktioniert.
Hier ein Auszug:
Public Key Cryptography to the Rescue
Many Bitcoin users are familiar with the idea of digital signatures. The same idea can be applied to software downloads. The developer signs a download with a private key. Users verify the download using the developer’s public key. A forged file that changes a single bit can be detected with this system, as can a developer who attempts to apply an invalid signature. The standard method for signing binaries is known as Pretty Good Privacy (PGP). Implementations are available for all operating systems.
Quelle: https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-windows/Die jeweilige Signatur der einzelnen Download-Dateien findet sich anschließend hier:
Quelle: https://electrum.org/#download