Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Author

Topic: [Resolved] how can i check the Integrity and Authenticity of wallet install file (Read 1242 times)

pooya87
legendary
Activity: 3472
Merit: 10611
[Resolved] how can i check the Integrity and Authenticity of wallet install file
May 08, 2017, 01:12:01 PM
#14
Quote from: Abdussamad on May 08, 2017, 07:09:32 AM
Quote from: pooya87 on May 08, 2017, 01:08:45 AM
maybe the method these different versions use to come up with the hash is different so they get a different pubkey but pointing to same thing. have to look deeper in PGP documentations for that

Hash collisions are possible which is why I've said above that you should use the full key fingerprint. If you use a truncated fingerprint (hash) then the chances of a collision are very real. With the full fingerprint there is no chance at all.

i see your point but i wasn't talking about hash collisions. i am saying the difference between these keys is because they are using different versions meaning SKS versus GnuPG.
it is all in the formatting the keyserver uses to store the public keys on their servers.

you can read this reply here: https://security.stackexchange.com/questions/29574/why-are-my-gpg-public-key-on-my-machine-and-on-the-key-server-different#comment45875_29576
Abdussamad
legendary
Activity: 3682
Merit: 1580
Re: [Resolved] how can i check the Integrity and Authenticity of wallet install file
May 08, 2017, 07:09:32 AM
#13
Quote from: pooya87 on May 08, 2017, 01:08:45 AM
maybe the method these different versions use to come up with the hash is different so they get a different pubkey but pointing to same thing. have to look deeper in PGP documentations for that

Hash collisions are possible which is why I've said above that you should use the full key fingerprint. If you use a truncated fingerprint (hash) then the chances of a collision are very real. With the full fingerprint there is no chance at all.

pooya87
legendary
Activity: 3472
Merit: 10611
Re: [Resolved] how can i check the Integrity and Authenticity of wallet install file
May 08, 2017, 01:08:45 AM
#12
Quote from: Fragbait on May 07, 2017, 03:49:32 PM
...
Appears the key has been changed. ThomasV himself stated that it's just a copy-paste confusion(?). They key in the link you provided starts looking like the same key you quoted for the first 11 lines, but then it changes on the 12th line. See the last line for example, in your version it's =Tisf and at the url you provided it's =ibXJ.

Someone please explain what's going on.

i'll admit i have no idea why there is a difference!
the only difference i can see is between the version these signatures are using.
the quote is "Version: SKS 1.1.5"
the github one is "Version: GnuPG v1.4.11 (GNU/Linux)"
on mit servers is "Version: SKS 1.1.5"
https://pgp.mit.edu/pks/lookup?op=get&search=0x2BD5824B7F9470E6
same as http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x2BD5824B7F9470E6

maybe the method these different versions use to come up with the hash is different so they get a different pubkey but pointing to same thing. have to look deeper in PGP documentations for that
Abdussamad
legendary
Activity: 3682
Merit: 1580
Re: [Resolved] how can i check the Integrity and Authenticity of wallet install file
May 07, 2017, 10:00:45 PM
#11
you can download the key from the github repo too:

https://github.com/spesmilo/electrum/blob/master/pubkeys/ThomasV.asc

The full fingerprint is given below. It is not possible to substitute a fake key if you use the full fingerprint to fetch it using gpg:

0x6694D8DE7BE8EE5631BED9502BD5824B7F9470E6

I created a script that downloads, verifies and offers to install electrum for you:

https://github.com/BitcoinsPakistan/electrum-install
Fragbait
full member
Activity: 205
Merit: 100
Re: [Resolved] how can i check the Integrity and Authenticity of wallet install file
May 07, 2017, 03:49:32 PM
#10
Muhammed Zakir
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Re: [Resolved] how can i check the Integrity and Authenticity of wallet install file
June 21, 2015, 01:05:13 AM
#9
Quote from: pooya87 on June 21, 2015, 12:58:55 AM
i saved both files (tar.gz and .asc) in one folder and did the pgp --verify but it didn't work:

[ img]https://i.imgur.com/U4O9r8r.jpg[/img]

It looks like you didn't import PGP public key. Look my post above.
pooya87
legendary
Activity: 3472
Merit: 10611
Re: [Resolved] how can i check the Integrity and Authenticity of wallet install file
June 21, 2015, 12:58:55 AM
#8
i saved both files (tar.gz and .asc) in one folder and did the pgp --verify but it didn't work:

twister
hero member
Activity: 672
Merit: 502
Re: [Resolved] how can i check the Integrity and Authenticity of wallet install file
June 20, 2015, 01:42:34 PM
#7
I think I'll do the checking the integrity part on my windows machine, the version of gpg I use on linux, let's just say it's a bit complicated (don't ask me how Cheesy).

You're right, I think earlier I did saw a MD5 or SHA1 checksum for electrum downloads, I don't see them any more. But still I think there should be an easier way, telling someone that they need to install gpg before downloading electrum to verify it's integrity will get their eyes to roll.
Muhammed Zakir
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Re: [Resolved] how can i check the Integrity and Authenticity of wallet install file
June 20, 2015, 01:00:13 PM
#6
Quote from: twister on June 20, 2015, 12:47:34 PM
Hm.. it might be that I was using different key to verify the different signature, will try again and see how it goes.

Did you import both keys?

Quote from: twister on June 20, 2015, 12:47:34 PM
I think there should be an easy of verifying the integrity of the downloads, I mean a newbie downloading electrum wouldn't know how to use pgp if he is not too technically advanced.

Earlier, people used to use MD5 or SHA1 checksums for verifying. Nowadays, PGP is widely used. I don't think there is an easier way and this not hard. An average user can verify easily with the help of tutorials. Installing GPG in Windows is pretty straightforward and in Linux, you only need run one or two commands. After this, running the command I posted above will do.
twister
hero member
Activity: 672
Merit: 502
Re: [Resolved] how can i check the Integrity and Authenticity of wallet install file
June 20, 2015, 12:47:34 PM
#5
Muhammed Zakir
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Re: [Resolved] how can i check the Integrity and Authenticity of wallet install file
June 20, 2015, 10:54:15 AM
#4
Quote from: twister on June 20, 2015, 09:33:34 AM
Em.. what if someone doesn't have gpg installed, is there another way of doing this, maybe online?

Which PGP client are you using? I don't remember of any website which offers signature verification.

Quote from: twister on June 20, 2015, 09:33:34 AM
I don't know what I am doing wrong but I am getting signature not verified. :-/

Make sure you use right PGP signature and public key when verifying.

Verify these using Anizmazing's PGP key:

Standalone Executable - https://download.electrum.org/electrum-2.3.2.exe - https://download.electrum.org/electrum-2.3.2.exe.asc
Windows Installer - https://download.electrum.org/electrum-2.3.2-setup.exe - https://download.electrum.org/electrum-2.3.2-setup.exe.asc
Portable version - https://download.electrum.org/electrum-2.3.2-portable.exe - https://download.electrum.org/electrum-2.3.2-portable.exe.asc

Verify these using ThomasV's PGP key:

Electrum-2.3.2.tar.gz - https://download.electrum.org/Electrum-2.3.2.tar.gz - https://download.electrum.org/Electrum-2.3.2.tar.gz.asc
Electrum-2.3.2.zip - https://download.electrum.org/Electrum-2.3.2.zip - https://download.electrum.org/Electrum-2.3.2.zip.asc

Quote from: http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x2BD5824B7F9470E6
ThomasV's PGP public key

Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.5
Comment: Hostname: keyserver.oeg.com.au

mQINBE34z9wBEACT31iv9i8Jx/6MhywWmytSGWojS7aJwGiH/wlHQcjeleGnW8HFZ8R73ICg
vpcWM2mfx0R/YIzRIbbT+E2PJ+iTw0BTGU7irRKrdLXReH130K3bDg05+DaYFf0qY/t/e4WD
XRVnr8L28hRQ4/9SnvgNcUBzd0IDOUiicZvhkIm6TikL+xSr5Gcn/PaJFS1VpbWklXaLfvci
9l4fINL3vMyLiV/75b1laSP5LPEvbfd7W9T6HeCX63epTHmGBmB4ycGqkwOgq6NxxaLHxRWl
fylRXRWpI/9B66x8vOUd70jjjyqG+mhQ+1+qfydeSW3R6Dr2vzDyDrBXbdVMTL2VFXqNG03F
Ycv191H7zJgPlJGyaO4IZxj++O8LaoJuFqAr8/+NX4K4UfWPvcrJ2i+eUkbkDJHo4GQK712/
DtSLAA+YGeIF9HAnzKvaMkZDMwY8z3gBSE/jMV2IcONvpUUOFPQgTmCvlJZAFTPeLTDv+HX8
GfhmjAJYT5rTcvyPEkoq9fWhQiFp5HRpYrD36yLVrpznh2Mx7B1Iy8Rq/7avadwVn87C6scJ
ouPu+0PF3IeVmYfCScbfxtx1FaEczm8wGBlaB/jkDEhx0RR8PYKKTIEM7T2LH2p6s/+Ei4V7
mqkcveF/DPnScMPBprJwuoGNFdx2qKmgCKLycWlSnwec+hdyTwARAQABtBlUaG9tYXNWIDx0
aG9tYXN2MUBnbXguZGU+iEYEEBECAAYFAlK79TYACgkQ0dQqIfkZdf409gCaA4Ac9LZ8zOEG
mD2pcb418UcMP8YAn16BdsIFd6/e1kxCx5jlyyJBEnqAiEoEEBECAAoFAlNDyN4DBQF4AAoJ
EEoPd0j1vMP5kqkAn0N84aSq5iAW3Jh4cgAZCYmwuDbMAKCTrP5y5sffd4Z8r0lpRl4VKcWX
LokBHAQQAQIABgUCUwxcjAAKCRAiRTAEaVUG/dQRB/9fLhCf+/RI5NY8gqLKZ6KEmGIGqFzd
wMcn8v/ft2pPY3Mer8lYYrzyzXjbIqI39hmMWDWZLsu2B6CjtFanNMJ3cLDEZ1+ghvrK+AXH
Oj3hWwMElaR/vpFhh8bGYIoY1fw78Agyng+dbANmUIjl/tl5XBITTgRcfKSWNlaWBoJ40qMJ
ibvySkEcPVPwUPsxq4qwxmm5kbd2NHbGSV7eZjasWqPn4JK04E6EpDKeTtC4cKG+Rkf9iDfV
qR9m3E/7bHgyFCdroRBdUEncgkHSl8DD7IDtoEYvctMcuNBqGZ0eP25tRV068gZfA13LsPWf
uquQ17eYXR5k869o0xpWP3baiQIcBBABAgAGBQJTOsXkAAoJEFNGp4NmZoSMTa4P/AqxU9+Q
/YQUOJv12ILPwm+MxnczqP+Z5jCt1Y1x8cJaJjv8LLFC5Y3GOFycgPfvygwH3Lzc8ERo/e7C
4uoYSyMnWXYQozz8id5wJ4ARufH3zq8lbNW2S+1kR9qMdERIXkmXTpwUmb+BZtshEApx6zn5
qUoHrM/JJhcKv0L91dWPkfxkOW1FQMfdAQz6MStLBQqYKSrCIcN9qXwxGFEa8oFLbfNXWmg7
G7t49Yo0dkODKVgmP24RTuPLWeOq2lhSwZAV5ngayD0N2CqkteTDaOcDr0GwjRM4RDCvSAuU
pmOkhgizdKMh6LYgorcJU1RyA9Pcww6B563sqH2NE8jU/jkTTwPJAAoJ48wSxUO0MPev1fB2
ho5S35WsA+AD8mE7ZpdChOzusZVuS96dWfIFm8MHgooxuHVbDQD03EBp1hiS37mfrQ9wO0zy
aIxcc93Qeu+AOzuMYmHxamVk4/+oAFgiX3iqwoi4yI9QJL+VAo+ukucSYjbiCgvatfD7E5hx
R9Qhkyc9uELgQvyXjjdu5VHzbXiOdo7ChqXQDGeynznzettaZFeNXcdcACmvRZZAxS5BU4W+
NDCjbU/Izejg2oYB7OeM93BG1ahrbIje/ohw/J7otiyQ9NKDrnj6vXPoeAhAH49yAvA97R2O
l0CESCQ2e+ibpjjiOCDY7G8ZEv+ciQIcBBABAgAGBQJUgwLkAAoJEB5euZ5W4CLtSJcP/2gB
8OIoADgmoxQl7/55a0FX3EHxWT/owx7819BQn1j3+NW6mcKVvCbYz8l4POQ1gy9Cm06EUPgr
D3IdMwO//Bi+ugnTHQmfNTy071vM5aj4Q2QzdETSEnNUISZ399H1TYLsaJG2OvJ0Hzt0oFAU
hRWHONuDs0Fu89sqACLjra2lv6sf6EnBN40UTInhw0Pl8jqS+gb7q2aaWM3rWzn3mZ+p6xnQ
iYvUN3DadOVB0Y8YMG3fmEd+nSdOD2APYKgzXH2EGauuov54TbY08nikZIDO+SISlq4XYX/z
eu0abW0rpVxVTjYQoaM+4byGZSWj+sj/qX1eonwuKdGfdUxYrq7bjrlpAfIZrbImNIRy5Hfb
UzFBMl59tQcgbikpqA9u2sSOhEJEqkeCezG2mA6FP3gIkVXKzue+b/Mb96oesAQ0Zcpz++rV
rqkWcoiRhIbg4FMQAvtoeY5hWe0meANWuE6iwhlWpybYYSFLXggUJK2I5qiEZ35WRyfvZQXz
zAUD+xNV3KTFoOWBbrEDhvmcx0JTWWBUegeAWpgveNqcjvNhb+67fnXxp8QCMzcigseGE7u7
V4ul/s/6a1/vHbahrzcV3egY0R/LM41f+mM8oyAjw25ibpMnC3rdUwOeJKWtMAkm05MDZbKZ
TWwXUoiATekApgVIH45+4KSy6I4oZ0DAiQIcBBABCgAGBQJTTMnnAAoJEHhT2k1JiBrT2GMQ
AK5WbrYeb1Ox4f0o55jnnymiIXi0kHD1DWlCzDnO9kBPW88CaJEi6dh3yE8vwv/dt5HoScta
g3FxD+asaJKpUWhoK/o8XQbdHTKmqJbSZd6p5+i3TfZJbgI5Wbh/Cf9H9QWUUgutLP+8h/KH
q7bC/4x5tNGUDIZkr/0HdoJP+3itBAPkTAJvs8X7+BJ+xGaWWyq+rd1/BQB/4IpeyBpysWyV
gR8xsXXZjVj07VZs074eRrI7A0OpY/Pbpi4UzHnXyFQquEVr9HL+55Iktc14fVxQfuex2zQl
8F0EpsSU4bOMxBWGJhsKSoK6oyqDbXu43m1KIsewQwSzWcwVse73NgY66BthmFyvDborh8iL
qmCBLsunhawsx8oZACIUqVUD7J7d6wJObM+qq4QWj5NfNK0L1X0uLgLGLtzneR4CnX8/XA+5
jlMbZ/73cSciV2iNdadnfFnvCaok6q38AT4wYshOazWgV1I2u7lIs54TzVeAB13B1DwuAWeA
wp8DFQ883lP1aSpxlrcxeVQx1zbq3/X0X8RlfDJMevprYuZ0i/0hd5aDosR1u3WWHB/UBJBY
Ga5ZDsVPy7Ptb4FzZbZN7ZdazzxEfO0AZ2wnWzwQZT2ab5GNFRdqVkbH8+347StdTnhEQPyo
/eA3+iAdbXjzoehdc7wQcBBLGd0cax0S1HLriQI4BBMBAgAiBQJN+M/cAhsDBgsJCAcDAgYV
CAIJCgsEFgIDAQIeAQIXgAAKCRAr1YJLf5Rw5hlhD/9T4I/sBCleS9nHnjTJqcOnG28c9C3C
RYIizjEui/pKmXz9fB1N9QrCaruPUQx2UacDVCl6dKxac+7ss3/a6lsjaRn0/2OM/sCVLScy
xNPNPQs2b6jkodSNPIM8zv51g+flhwtfrO6h6B4jIhZgSjFdvqtZd5jaly9rA0uMX045CC4K
6HGnq8n4F2p31z0L0LaHBf5EcsCM0MMpQVkY0aUrNg9uVMGXBHn3osHnOtQaODqcIbpa/OG+
Tlt6pVOiDJ7i8TkpQKT7sOaMVdL//TEoDIOC7qVCN82q2q/gtiBXbziaERVs/eU0O52aX5qU
hXu3VIjXTp/riRimR/f9BPB1dgDZbF2aPZ/rJm26v82ft7gP1Sf52E9MrAaZATTfI0/TUHXe
BzN93EA9xb6/ENAMTX74u+NjlynWPD+hl64eBzJ2ionZF1bJFTgBkMfRYnhllvleCjcq9YfX
md5HKCwtxfygBIujUQSwyUzn0f5DbVCJ7/B19bKdvHGSSBgBEjxqXWQskm2wc0Inww63goZA
GDQliKhIT8xnwOBbLkqSobq4tD9zpQyxvMA2rhy7/gfFRp7TTak7MZHflTJ37S5LvcWHm/cc
WUZDUN7akoEDc+m6jX3uIEPMD3PQvcHhWv0amco3zDr1qb/+rXM7TJKd7DPX0E2dRzKu6aYR
MTbklbQhVGhvbWFzIFZvZWd0bGluIDx0aG9tYXN2MUBnbXguZGU+iEoEEBECAAoFAlNDyN4D
BQF4AAoJEEoPd0j1vMP5sY0An3Wq0MVx3tOHBXUhvpawdjbzJxnTAKCSdC0ZrqEQw0NgC3E9
dqdhe3Iut4kCHAQQAQoABgUCU0zJ5wAKCRB4U9pNSYga0yRSD/9HbtwxWWbrpXs/2jd5hMx8
YVshJOQSTte/xakquVRqHt2Erqd8+OVICtxPZ3842t+zUCNrQP84fYMvePWZbEo9omhSeZMx
RJt1dJJ3KIwue87LX8pJJKX0ksrC8nJcjEqbfQ6Q8Dfzx5ey84sCQcfgJxwLFP3I5GCku8Tq
U11w2XHkcqHNRk61xcP5EeolHeRc461c4y7m25aBaVhBj5WfBr/viL3stl9MqsgP2MDIJb5A
11gWngn49IrsVvQuJMZJO7GoCoyy67A7bEFC/e+htSFcPfpbKsZDxJzCdUCQv9NiyReyaqQ8
rViA0IVaD0JPprI1IWdLu/4c8ndzUvn137ER5zT8had/0bHExvSGnRY56ad0vccr3sGea4XV
mdH9irMRXG3yQSza0jh/2n+MpzkgIqh8M33pZQme3uEtXUKWBlxK12ZkYn9lwOf/pKBJ+j+R
k1ewpIw5Mu/aCKMAxtSibGcw12wtgG2Yj6j6DX6c8s+4h4TWCPFcE64E9gmoqrNZH3jQGPv4
2fKx7PUAzUouKQLr49WfBI69YPKlidWBjn1ZU9Fxs9tBDPlcyKiiM14pOLqhiP4/elsQ+FTW
RjHcaR8NR6zIlYefpWu4T6q3MtcvZ05r8WQlxIxRXn3jRwUHLofovovaNNcu7jz+94DBKadK
q7HaVB2DDA6hh4kCOAQTAQIAIgUCU0A2kQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA
CgkQK9WCS3+UcOYTgQ//aPzahy744awn8uv0m5Ugv7nVfboxZ74WWWaa26/DnuhnTMH8PpLW
Xdp2G9PSo8V2JhqGXmSprwm9C6DCklVoIrB9a4Mw8yOlMxS+G6Vdvj6gkolmnpH5wZvqB2xo
CQrgF3mxl41S/CbL4QJdB0Gc0wNUV9LvExABzsTiOZfpl0jfnMFWbgzKbeb/iQ8jxhzPyqml
wsNViWOdJqpWp+v9eVx4pZr2PwmsZm1zR2Tl7nJj8cgk3okE6soR7CAW+EcVmAmlF7/frL64
qLb9h2aUNddDTdPZpdStZA5TS2Yd4zajLGyJhQK2zfBopI6oUQVdyu+zaeJXHJ7AT5ZUDKqk
FCxu1LIXEE2rZJkzG49k0NKEFhGbdLiZp5sYM9fIo7OptnyWYZR9EGFWDsFLyuhnwBZbh8Dm
RyF6J7/ApLk1vj/dJTgf/WZ0RGXmG9sJb1enwkzB8abSG099ZGy087uChCOvkoUF0/mACogu
UiQvYXoXmngKR98HC4mSXAimL+rm2Pt1H/xKF3KlssMKUv51pEqTEmI6vlfcQnBhyDGeL2ZI
mejkuTLu9/a4Bnz+2It6alGCyKVGuUIjTjBIT7Vm4/6B+ZXWmaMMIGeDCtjM8XsfCIRaaT7W
YKiX7vTWUCyAqcXHdoVHt11rwfo3L26Gdae0Tu2sd1aPc8tX8mBBTC+0PVRob21hcyBWb2Vn
dGxpbiAoaHR0cHM6Ly9lbGVjdHJ1bS5vcmcpIDx0aG9tYXN2QGVsZWN0cnVtLm9yZz6JAjgE
EwECACIFAlTGBcoCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECvVgkt/lHDmewUP
/1SbkZjO5EHeQ3CUu+gSqTLSrYFDVd4YtofJDRrZCHioaXoivj3sHhSQm9J0A4hGLIOV3f5e
WcDd+HKpYYGkPLlgWK5jZ0mBhAi68Xo8elk1h6dgLQ/QV64+9xxKMdmmwtAXZMt/Wgk8rkYU
s2xZ1drp4S+yGqyqq+W2ressBWVrDnGorBI1l5U0g/4WKp5EV/L5wWUZ0YB8otcjrx7FxhQd
8Tvj+yVG+BOwVc1UQyczIHAYWOb02eDJ3PHiKZTVSNU2hdoZoZp3s70RelzWFdRMPbdvxxPO
fg6iAYpFFmD008SYllDsMVz/XVThJjU3AIFU4bzDe1vlqBe//6nDSpmzyA8hlOcW/zCzazPj
Fn2r7ZBzanGNPnBX9u8+JjsXdnhDA1cTfxYatB4qboDBGsGmdBvcbBf62QcyoKbu/kr6kasV
J9+rzc+fbw5QWBF0p4OpyaG1HTW+oh6P66WemWBysZs6yuUTqZirOs6T0zp/B8NvY8cdO2rs
xCFRGvIc2Woqk38CPcgcM4RUMDcZjWikRGncaLL1NVck72hFZjJk8dtuzBdaocKvcq0l7Zim
SRoh0c8i+AeLwBq3/bivRsM0tk5cpLEXY2qcOgqqfLFAdj1Mx6mDVrNMErGbscFbeiUg+DfL
6WE0xdNCzjSntqC4YxjcaR/gVd0qjB10JfSouQINBE34z9wBEAC+S2CYl+UuDxvPdUzIoXo4
eSlYHN+v0c4FmCZBNuivOebflnQGurKRykdUZqU07J2k12gv2zcSWavtL4vRipcPeLcBLnrt
Lwp4op6cugBXsnb3govqna+V0OIcdQ2NdZJ7RgS9sDDra2eKAHhZ57R2HADGGjAWOafIHd1l
UdnYCL6TnHs0AS8IaDB5zegPiRENu2R3KJcAzvYnPreGALZeedgz9cSm3E+A9SQ9CeluhW1C
RJTl0XkozRgrki2WU7AszIND+kR8FlCrQ70SqyvzNzYfy9hLFuZgEJ2KbOmvoclZFXfZC7KI
LRzxOMb996c2wweWI/ts6nY2FKjvzg35D/h4zUb8o7hy+lt241OhZ7iUF1+JZbJJbOIZSgz2
sGt3Llp7HWn6LgGTsVsAZRsrEWewWhzhREzpQHlDdRGHxa3JHH5GM01+zQwNEvfWl+99M/3P
V656jOdjjvS60hUZ2GfitzPM9hRb6Pf2baqkwx9P6B/mstAsLaMEqL2VKJYwEPM5povArTwx
R4OLK2nvGMVuH3rZ+0LT+qzlUcEAsj9di87Qu6GBjnnLVORvRpFQ7mzVuPFbnsdP7qT/UTkY
yjfGrQa6EnJqJkeYUocZoHSQcuCP0w5FRW2av4UT0kwB4J3IhAuu02IbM81z9505+fwIdMAh
gndx34jV+huzHQARAQABiQIfBBgBAgAJBQJN+M/cAhsMAAoJECvVgkt/lHDmiUQP/3Sx0QY3
gJDW0bGORjU1lGc1691QubzaqcKT/ayuEEwJqZd4lORfsLIDBu/Iktlzlfoo2QPCr4rIZXrU
CaDTMUtT1OLAOGN+IWG+tabR7Pj5sDaXHYIwF/pgofcUNPNehsiGl7cbcWnCSVtytO36iiJC
YyEjzsky0nfsJdS7URNnwOu6TJqTBxvLfkT6tXaf3t6qei+43Ol91Pm59pu7tnIBFW7gJ0mi
hqDEjJ7He9S7X9W+vw8L2c/xwbbRIHIEpj5Xh1FcgQ+Cw63I0wyu83RDMO2/3DwZ7ugpk3KI
BRKrweJ/WKHaPuIo+wJ3VE8+CY9afLxZZx74UYPNjA3xlDyfrowY22F0TrPlgJmgkPE4I2d3
QBTRazqgG2LukJWNsX7u74/q7nOgK3ZgazpbCRZjbMRUSX4HVLoOSRSFDe+xm44rB41npvHG
N7M7shJHvB9qYvNNwgLlbZGqDZjQx7BAYnn7d+GaNFfgP6tsJIsd0vb8kYziqoRq1t9KsZ1e
mRXsbnlrjt6jkNGVOf0yB9JH7dp+Of0XsXgavyKedsxNbxL05EJgQnwhmZqk7vvUaPKrI3nM
VTcclT5cIZYpq8okPnT2iWGjkn4sBBDIdjMleXOreqjfZ+oxXYgizpZph2RQPMQ6HbKH0BJp
b/iP8chGe52up8W6WVbjwtwdCRbW
=Tisf
-----END PGP PUBLIC KEY BLOCK-----

Quote from: http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x22453004695506FD
Animazing's PGP public key

Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.5
Comment: Hostname: keyserver.secretresearchfacility.com

mQENBFD1gzgBCADGVp8wVMk0viUTR3FBzCfdGGULYcyiKFNdGlKxORyrdWJF6/g5JuYPU0NX
CRJ7hqX4hopOiID+oxE7p/vP/i/Sm6B6xZMq8bJ+PiJ2h8ZqnourgL8tkAqlDV+zLana+XeQ
PsPhJPeARAQDtl5QhQbvWm0idMyd1zuWdt4OVIYnhJ7w7Mw0CdUmBbkTc1P23J8vwqiyyuHq
V3JimkNJLm4vyWGFig6ElgRMbV5YWci41OTH3x8qkWHFdB1h0ODP/28bBwpVVXqnObrp/Lsr
9aQSP5VujGIL/cOdel/7xD2Dc5qS/HXYZgJUk6x2WkLmO47NSpW6rone3W2A82gkKRwXABEB
AAG0H0FuaW1hemluZyA8YW5pbWF6aW5nQGdtYWlsLmNvbT6IXgQQEQgABgUCU6Vs9QAKCRDm
2h+JhqdAt+CVAQCaiQzkHb/2TwDgdJEiLBWwEv4s6i70fa9vl0xUJ3b1TwD/fyCE+7+UD0Os
0zVZoyGVeHC8t7fO1D2bh7bkpkHymluJARwEEwECAAYFAlMm2/wACgkQpnZvcYW+SwztsAgA
kzuQKItH5T4F/7b5T/+KhhuREaU0vgnhknBVd7ghyqGX1lTNhQQIVz6wYIai/PT+oY97Ckr1
2pIanWsOxx3yhpo+WlrK6no/ZB0uD6QR6R8Q2Cv5jMSX6k6pWx5jzNvHyBOvKQm0nqZ3yi6p
0JD4OTKUhGEZPstFKTU1iFtqI9k0kEU3U1m75yLaE/01axoAH//Fdw43Y3Upl0nEvAp6AkW6
X0hFCUs2b/uhLQ0EsQxtruv9vs/Y3gRvZkuKy5zQxrMrPwSfw3yBBSHxhPtETLcN8nfpDvy8
cMJlbYokzqXzm4CrW+Hvly3coOBhf0ausx62PSuQAjbsT7tji2xJ84kBOAQTAQIAIgUCUPWD
OAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQIkUwBGlVBv3mLwgAhKjY29lbxmWf
iK+6jmXo+KsivNIiV5zddr/GaSCsdN8FVPdZh4anng2QRymBqsPWqO3lkUXvATGf1YsSsaWw
iQ+Z6A5mPHaafdnIH5jnLRwl4Y8zvZoPRneNoGL6G2/fsYxvaZXrI7vTR0bXHe/BLVhjJEuB
HqlXCVHD7SX7kH/nMewp1G+lFy5OmauDyu2BPFk6xHI5GfpyTrDuVRuejf7VcwFMVNtV/j9L
KYxTdaX16u7ZqBhF+QHem5d3wMxiVLNmKJRZMdXps6wHQ3TTWwm2YV/oqYzXEXxD96oyVZ69
Lax3RcY5YVC7hEbIAmo3uHVndzKbbvxZUIyFjMmf9IkBnAQQAQIABgUCVR8b2gAKCRBeWmsh
HQAymExZDACK/eqEtaHaGDnpRJPasswiMSfLigIUD5Dk4bl82h3Z3Asi2bhagzi9saEO1JSZ
c+hQspO6jLk1pkcVvBaRvwPY8PaR0IxQv7Z/L02parHqFmfm/idBhWuclk0UZiNIvgAS0NQg
wmRB19XheubS2qS5yIDsIEEAkwa1O9mwEkYW4Vtv5ot7D03cMxDKDliTu7EtGyCnOtltvwpK
O9EtqzrubhBNAaRLSIBZFYLLzcNne0fQ6UZ/4d30x+QB9hJXBBy6wkrOzi29XtWea72XT4xs
NwT1cAgMIxntFcvA+hpQcx+5NTfi2cqbxOVUS46+aBlnh6gHvf56oTLNpPalulgz6yHYqCFS
pR0hthf2j2ab7J9X/hlSaARG7vR709iCe5UZqWknfsPrHVz6FTyCRxYPBr2Pj0RJILs8RWWN
CSGs8FrGD9wrjKbhvGAEgU7pxNWyiTtI+hQGepOYEJaiPhSIbUAWWEqyTv0vJ7ueQ7fMfy8k
2nPpaAl+vSeG2Lu/tgKJAhwEEAECAAYFAlHaodMACgkQuW8jAK0Ry+6xohAAj1Cka1AoIDmP
cU5IlPLPwsYoyfLmkAbcpeNKZA6Yf4pm96i3tKXbLgCxSrejSmraVIYZoNGFtmAx+rpwdZtD
WyFWGlMkDhjRY1rQ6nlkO8CtPU/brbyZJci2J67U7hUsJt+O5gaftclG2RcC61BQz3Ee0Fl8
JKSE5V2KqOD2W1BTCTYrnpY5YdMB8qSalR8txZaSqkA3xpSrIwJ04EHT1uyQAJiacQ0ynHpc
U/xfVBnzj3Hc0mRxBTI5Nznk8NAHleY5OSiZX5YJb3mvycdV34mGXnnayk9S8HotWs5kLpMQ
2TpXOiZK4/lJBlp+q3ksj+01qoqTrRXijI+6z9QRS6y7AkSWO0PaV9UiuARH5bBV5qzzT2q9
vtYTEkoGHj1IyoW70l2TxyfQLQBVNcYp864+TQJmxiVIVUEMSsJ7VnoifzIvgBz8/d62POQH
7zvmnWA7VvYD8Pn3dXVOF7sSOxqJ+YLxcOkjpgqI8ef0Jiypa0w5TgujpJ/SVWpeP410SlK4
w+ICmxc3shR/pdJfVhgRGS6e8A4GCHnDHg8ksLJ8qoUmPlOWJjdfjakzQD5vvAV0KwWQ0mu9
ca3C3NjivYSWZdiHzeQE5hXqVV8wlghshFKOcm81vdB/hsay5hthilSSL9trmnNdYNppZHc0
bV6PYpYpHWaD1NpWQSbIeiWJAhwEEAECAAYFAlMhylgACgkQU0ang2ZmhIyaGxAAtZkb9fGc
A6hPgaxVp19iIRvxm4zlQ1KB1bGTs5Bi9cXPtcKJVKMxe6PVSe2I7x+dLvBeS3ywisvuhekB
+7ma9OfmRx2pp+qGWVhvsIzVNamuqNSa/d2MpCSOAAviJXU/CzmkQUesJJFYVkEfio+zf69W
IQpoSomX/lMJPZPN7d4fbxc1zaQKYrCvoqo3KNSEPJV3EU2rTQ7QgT/R9n6n1oDl/O14XDpn
dvHoBKMphdBuiapXvSsyfUN2xIxlUuGbj4ep2ooYsFWooQ9E+Q8Ax/Rwv70Y1Yx9fA95jRex
z4hcZpz56+I89mKUmKkzmAEvNRzoiQ7pNf9/Euuk8g23QhTK/8mSMhM0AW5zsjnsdrhVdqi0
Z3A/jNmAPvNT1UAW1VpSH9nflkhdQ3myerDuAfiTNmquHrDLtuo0SvZWgxRpmMk3IBq3ckSG
5/cRagmi2YOlLp6pgj0YS4VW+Qfe6N3HC5mWNCkEHMs4x7QLqi6892KQc0s3mnfY83SxXR2J
E2g+AGzeEuhQV4NfVcHz4MLQHmXK9WH2mumTdUun94BtpNVLSSKASqy6NoJ7ekYpjuB7ZuoE
SKo/96DQt9HirsTfHdF82058IDPt2SdimSIdxilgwVeQCOmKu5ZiRrF6s2PzDvjpR+a8MlBh
HAj/i8Soq7cNWnJ+fWtSgT7PR+eJAhwEEAECAAYFAlM6w20ACgkQK9WCS3+UcOZMgA//enrQ
DHOj/lZkyZxgQG/3WyPsRXA84YcuKGZfXVYNRN+O2HH/pja/pBX9/tZ896O069fqSPyEdr44
53mwTQhZrvITLFhGtykmQKEvB2HYFNvvPPmbImsGN6HNj4h2/Vbrd1NvZzNMLodHYhMZV9lB
xWZOVzaJI+EjbYiYEvOGRq+XACZvYzDK4y55+oDaTa2mdWHfW9uSj5X2WoNhczvh8RWVFaVu
idkY3/gbDY2RoNgPKsAYw7cJWu+vUoD0sY/WLP3t4xCUkcR+zr/t2RZbqDywoOPdIDdB8P8N
RRHl1aCqRPFJBJ/P8cBjgRYTb/otgfn1NGgRd2M1NRaB4+IdvINwQ93z3Jo3h8kCtzN2AOnk
EdqcjITJoFlX/dYQWAZ72uSUe7t1MtaTPh5i1WGMtZtSxSV/0nwTUqX0HPpPaAkJNW+F4aXW
KDwCld9yebzS9fB5NLU7FPQUsNg/j3FBGgYnP8uuHH1tnFtsYOfMfYQb4keTnGU12zQfCBsL
424nRGZtXlshTV2n0H70c6up+6DzXAwK+xPmgdMqzgG27duFXD67NFfa6ZbsWoMS9Pj2MwFb
uvkm6ilMwnCA2T1SLKrPui9LePUpxbumtvG30Sl72Wm8DuUyYRI5FykV1z+5tTsyYUQ472Kx
PA1E9xxSrEbeUgDEeyXxfYhOHg1bOEK5AQ0EUPWDOAEIAMzeN8NjFRB53Fid/IagQxxQZeD1
Y9cn9S6fJ+nEoZWMPQ+iVCictH3gmqm+eZ0qOrqSTxkXgyIh7Uiu2lwjm7nmeBK328k2ei1e
3bpp0I2oMiShVAehxbXx5Jh29nlPDS8US/xehj6WnUeojR2qXVOSAtK7+V7taSyigOpYr/+5
fcq+/8Z+d+NaVp97MUmoH5LVNU2jCR+qyIM07qX2G4Vx+hU4tjc79Kl6m1equ6/sHwnkmMIs
GvLHZG+Pq+1wHIZwt1p39MhFvob9B2RFqbFtihTal36D0NBQMdlp9PtKtQZSQR5hWsmWG+m1
7/vyux7ZtwnTRbR+p/adFx6fsTcAEQEAAYkBHwQYAQIACQUCUPWDOAIbDAAKCRAiRTAEaVUG
/aARB/9pYfkB4rDe4OulrUXBusTxOGKm1yPjZaXveOqQkD8/2Vwxu7tYFMVMLDKYtvxpmrUd
b6oz9s8XrTkMIW7ZM3FmhNQhxsfEj9g6UGJnCXcf+Zw9wbqmzONNCupfN5wPOtoGd+KFUR5d
Vl3+BsUoIEcAcPR5AdP9gbqDSbrDyuk8+j1CfiLVAQXud3u2rkt8GWbTJ/LzKtF1UM0X3YnE
7fxi61DDgX6A1EJfss3aFj2lwmb38Yp041WKik2ZZEQpyQ8rXeYG8Wl0wSEYaMPDedEHRDoI
AYRshRHglZYCD80LF7c31koGLGzVWio3erJgUYUwhy1QUltdVL+5PcVyUlm1
=fNkF
-----END PGP PUBLIC KEY BLOCK-----
twister
hero member
Activity: 672
Merit: 502
Re: [Resolved] how can i check the Integrity and Authenticity of wallet install file
June 20, 2015, 09:33:34 AM
#3
Quote from: Muhammed Zakir on June 20, 2015, 08:01:08 AM
Verifying signature will do. Sources are signed by ThomasV and executables are signed by Animazing.

Signature for Electrum-2.3.2.tar.gaz is https://download.electrum.org/Electrum-2.3.2.tar.gz.asc.
ThomasV's PGP key can be found here -- https://bitcoin-otc.com/viewgpg.php?nick=ThomasV.

If you have installed GPG, run gpg --verify Electrum-2.3.2.tar.gz.asc Electrum-2.3.2.tar.gz. If the verification is positive, you downloaded the right file. Else, you downloaded a file which is not from official site or there is some problem with Electrum developers' side which is unlikely.

You can get signatures for other executables and sources from https://electrum.org/#download.

Em.. what if someone doesn't have gpg installed, is there another way of doing this, maybe online? I don't know what I am doing wrong but I am getting signature not verified. :-/
Muhammed Zakir
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Re: [Resolved] how can i check the Integrity and Authenticity of wallet install file
June 20, 2015, 08:01:08 AM
#2
Verifying signature will do. Sources are signed by ThomasV and executables are signed by Animazing.

Signature for Electrum-2.3.2.tar.gaz is https://download.electrum.org/Electrum-2.3.2.tar.gz.asc.
ThomasV's PGP key can be found here -- https://bitcoin-otc.com/viewgpg.php?nick=ThomasV.

If you have installed GPG, run gpg --verify Electrum-2.3.2.tar.gz.asc Electrum-2.3.2.tar.gz. If the verification is positive, you downloaded the right file. Else, you downloaded a file which is not from official site or there is some problem with Electrum developers' side which is unlikely.

You can get signatures for other executables and sources from https://electrum.org/#download.
pooya87
legendary
Activity: 3472
Merit: 10611
Re: [Resolved] how can i check the Integrity and Authenticity of wallet install file
June 20, 2015, 07:17:13 AM
#1
i have downloaded "Electrum-2.3.2.tar.gz" file from the official Electrum website and i want to install it on my offline Linux (as a cold storage)

how can i check that the file is correct and safe to use?

is this what i should check against? https://download.electrum.org/Electrum-2.3.2.tar.gz.asc

how can i do that?

=====EDIT=====
for anyone who might have the same problem this is what i did to fix it:
1) downloaded the tar.gz file and signature (asc file)

2) downloaded the signer's (thomasv) public key
this can be done in two ways:
a) saving the key to a file named "key.asc" from the address provided at the top of the Electrum website: Link
then importing it:
Code:
gpg --import key.asc
b) or by typing  in the terminal:
Code:
gpg --recv-keys 7F9470E6

3) finally verifying:
Code:
gpg --verify Electrum-2.3.2.tar.gz.asc Electrum-2.3.2.tar.gz

an screenshot: https://i.imgur.com/g1cVqdW.jpg
=============
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Jump to: