Topic: On Linux, having trouble verifying electrum using gpg (Read 191 times)
You are trusting your linux repo for the rest of the OS so there's no harm in trusting it for electrum as well. The package manager does the verification so you don't have to do it.
There are no compiled binaries in the official repository, only the source code.
Which "official repository" was it downloaded from?
[/quote]
I'm not sure which repository it was, just that is was not from the AUR.
[/quote]
If you are going that way, I think that is not the best way to use Electrum. Instead, I suggest you should use and verify the wallet directly from the official website of Electrum. That way, you are able to use/verify the app directly from Electrum developers. You can refer to @BitMaxz post about that.
[/quote]
This is super helpful info; i'll be redoing the whole thing straight from the website then verify, and yes you're correct: Manjaro >Electrum from Pamac.
Which "official repository" was it downloaded from?
[/quote]
I'm not sure which repository it was, just that is was not from the AUR.
[/quote]
If you are going that way, I think that is not the best way to use Electrum. Instead, I suggest you should use and verify the wallet directly from the official website of Electrum. That way, you are able to use/verify the app directly from Electrum developers. You can refer to @BitMaxz post about that.
[/quote]
This is super helpful info; i'll be redoing the whole thing straight from the website then verify, and yes you're correct: Manjaro >Electrum from Pamac.
If you want to verify it, you should download/use the .appimage Linux binary and its own signatures, and proceed to verify that.
The binary i downloaded from the repo...do you know where or how to get the appropriate sig file, or where its path would be if it installed together with the download? If you could spellout the process on how to verify the linux binary electrum it would be very helpful, thanks
Ideally, all the signature verifying processes have been done by Pacman itself. If you installing that way, the things you need to verify is the Electrum package maintainer/signer from the official repository of your distro. In that case, you have to trust and verify the packager maintainer and signer not to tamper with the direct Electrum source code. See more and how here: pacman/Package signing
If you are going that way, I think that is not the best way to use Electrum. Instead, I suggest you should use and verify the wallet directly from the official website of Electrum. That way, you are able to use/verify the app directly from Electrum developers. You can refer to @BitMaxz post about that.
The binary i downloaded from the repo...do you know where or how to get the appropriate sig file, or where its path would be if it installed together with the download? If you could spellout the process on how to verify the linux binary electrum it would be very helpful, thanks
There are no compiled binaries in the official repository, only the source code.Which "official repository" was it downloaded from?
Home: github.com/spesmilo/electrum
Releases: github.com/spesmilo/electrum/tags
It seems the source where he downloaded the Electrum is not from the official website I found 4.1.5-2 in Github user Archlinux
[/quote]
Thats correct, i got it from my package manager but not sure where the sig file went... so maybe its best to wipe it and start all over. I'll get it from the official site this time since the sig file is right there as well; i'll give that a shot and see if verifying w/gpg works out, thanks
^^
Linux packages has their own naming conventions.
For example in this case: 4.1.5-2 stands for Version 4.1.5, Release 2...
OP, make sure the Electrum file you downloaded from the repo has the same name as the signature file (.asc) and both are in the same directrory then try again to verify it. Not sure if it's going to work with packages, though.
Repo packages aren't updated that frequently, so better download Electrum from the official website (electrum.org) to be sure you are downloading the latest version.
Linux packages has their own naming conventions.
For example in this case: 4.1.5-2 stands for Version 4.1.5, Release 2...
OP, make sure the Electrum file you downloaded from the repo has the same name as the signature file (.asc) and both are in the same directrory then try again to verify it. Not sure if it's going to work with packages, though.
Repo packages aren't updated that frequently, so better download Electrum from the official website (electrum.org) to be sure you are downloading the latest version.
It seems the source where he downloaded the Electrum is not from the official website I found 4.1.5-2 in Github user Archlinux
Here's are the sources
Code:
Package page - https://archlinux.org/packages/?q=electrum
Package sources -https://github.com/archlinux/svntogit-community/tree/packages/electrum/trunk
Package recipe - https://github.com/archlinux/svntogit-community/blob/packages/electrum/trunk/PKGBUILD
Package recipe (raw) - https://raw.githubusercontent.com/archlinux/svntogit-community/packages/electrum/trunk/PKGBUILD
Package sources -https://github.com/archlinux/svntogit-community/tree/packages/electrum/trunk
Package recipe - https://github.com/archlinux/svntogit-community/blob/packages/electrum/trunk/PKGBUILD
Package recipe (raw) - https://raw.githubusercontent.com/archlinux/svntogit-community/packages/electrum/trunk/PKGBUILD
@2647s
It's not recommended to download Electrum from other sources you should only download Electrum on their official website electrum.org
If you want to verify it, you should download/use the .appimage Linux binary and its own signatures, and proceed to verify that.
The binary i downloaded from the repo...do you know where or how to get the appropriate sig file, or where its path would be if it installed together with the download? If you could spellout the process on how to verify the linux binary electrum it would be very helpful, thanks
where do you get 4.1.5-2?
usually, people get all files https://electrum.org/#download
If you want to verify it, you should download/use the .appimage Linux binary and its own signatures, and proceed to verify that.
The binary i downloaded from the repo...do you know where or how to get the appropriate sig file, or where its path would be if it installed together with the download? If you could spellout the process on how to verify the linux binary electrum it would be very helpful, thanks
We already have guides on how to verify Electrum you can check these links below.
- How to verify Electrum signature video guide
- How to check if your Electrum Wallet is legit before using it. (For Linux)
- How to verify your Electrum [Windows, Linux, Mac]
It's a bit outdated so you need to replace the links with the latest version before you verify.
- How to verify Electrum signature video guide
- How to check if your Electrum Wallet is legit before using it. (For Linux)
- How to verify your Electrum [Windows, Linux, Mac]
It's a bit outdated so you need to replace the links with the latest version before you verify.
That's not how GPG verifying works.
The signature(electrum-4.1.5-x86_64.AppImage.asc) you have downloaded is respectively tied to the file that is being represented which is electrum-4.1.5-x86_64.AppImage. While the Electrum you have downloaded is the binary from your distro repository, it can't be checked using the signatures on the Electrum site. Well, it could using command $ gpg --verify /usr/bin/electrum-4.1.5-x86_64.AppImage.asc /usr/bin/electrum, but I believe it will result in a bad signature.
If you want to verify it, you should download/use the .appimage Linux binary and its own signatures, and proceed to verify that.
The signature(electrum-4.1.5-x86_64.AppImage.asc) you have downloaded is respectively tied to the file that is being represented which is electrum-4.1.5-x86_64.AppImage. While the Electrum you have downloaded is the binary from your distro repository, it can't be checked using the signatures on the Electrum site. Well, it could using command $ gpg --verify /usr/bin/electrum-4.1.5-x86_64.AppImage.asc /usr/bin/electrum, but I believe it will result in a bad signature.
If you want to verify it, you should download/use the .appimage Linux binary and its own signatures, and proceed to verify that.
Installed electrum 4.1.5-2 thru my package manager (official repositories) on linux which placed the file to:
/usr/bin/electrum
Manually downloaded the linux sig file from electrum.org and placed in the same directory as electrum and ran the following command:
"gpg --verify /usr/bin/electrum-4.1.5-x86_64.AppImage.asc"
And the following *errors come up:
gpg: no signed data
gpg: can't hash datafile: No data
Does someone in the community know what the issue is here?
/usr/bin/electrum
Manually downloaded the linux sig file from electrum.org and placed in the same directory as electrum and ran the following command:
"gpg --verify /usr/bin/electrum-4.1.5-x86_64.AppImage.asc"
And the following *errors come up:
gpg: no signed data
gpg: can't hash datafile: No data
Does someone in the community know what the issue is here?
Jump to: