|
Title: Electrum Authentication through GPG keychain Post by: valentin.raich on August 09, 2020, 12:42:41 PM hi, can anybody help me to get the right Electrum's public key I need to enter in the GPG keychain - so that I can verify my electrums download in a second step. What I found so far is from 2017 - its the Thomas Voegtlins public key "0x2bd5824b7f9470e6" - but when I am entering this in the PGP's "lookup for keys" search it doesnt find it.
Thanks a lot Valentin Title: Re: Electrum Authentication through GPG keychain Post by: TryNinja on August 09, 2020, 12:53:31 PM You can get his key from the Electrum's github repo: https://github.com/spesmilo/electrum/blob/master/pubkeys/ThomasV.asc
(Double check this is the real repo, do not trust me. :)) Title: Re: Electrum Authentication through GPG keychain Post by: OcTradism on August 09, 2020, 01:27:07 PM How to Safely Download and Verify Electrum (https://bitcointalk.org/index.php?topic=5240594.0). You can read it and practice. In that thread, there are some links to official sources of Electrum wallet but as Try Ninja advised, don't trust him, trust me nor DireWolf. Check and verify.
Title: Re: Electrum Authentication through GPG keychain Post by: o_e_l_e_o on August 09, 2020, 02:06:24 PM Electrum's public key Electrum doesn't have a public key. ThomasV, as the lead developer of Electrum, signs the releases using his public key.but when I am entering this in the PGP's "lookup for keys" search it doesnt find it. What directory are you searching in?I can also verify the key you have shared is correct, but as above, you shouldn't trust random people on the internet. You can also find his key at the following places: http://keys.gnupg.net/pks/lookup?search=0x2bd5824b7f9470e6&fingerprint=on&op=vindex https://pgp.key-server.io/pks/lookup?search=0x2bd5824b7f9470e6&fingerprint=on&op=vindex Title: Re: Electrum Authentication through GPG keychain Post by: valentin.raich on August 09, 2020, 02:52:31 PM Thanks guys so far - I took everything (ThomasV signature, the download itself and the signature of the download) directly from electrum.org but in the end GPG says "Untrusted signature - This signature is not to be trusted"
I must say - I am really not too familiar with this computer stuff - any ideas? ::) Thank you Title: Re: Electrum Authentication through GPG keychain Post by: TryNinja on August 09, 2020, 03:06:02 PM but in the end GPG says "Untrusted signature - This signature is not to be trusted" This just means that you haven't manually set the key you imported as "trusted". The signature matches, which is the important part, but... what does that mean? What if you used a random/fake key and it matched? The software doesn't know if the key is really from ThomasV, so that's why they give this warning.I think you can set it as trusted by right clicking it and choosing whatever option is there (depends on the software you are using). Title: Re: Electrum Authentication through GPG keychain Post by: valentin.raich on August 09, 2020, 03:27:07 PM ...I set it to trusted manually - I understand the point you are mentioning - about trust - at one point in the chain you need to trust...which is probably not justified
so if I got you right - the authentication process is ok so far - just wonder why it says not trustworthy even I set it to "trusted" before Title: Re: Electrum Authentication through GPG keychain Post by: valentin.raich on August 09, 2020, 03:34:05 PM ...I see...now I set the option "Ownertrust" from "full" to "ultimate" and now it says "Absolute trusted signature"
but I got your important point that actually its just trustworthy if I get the signature from ThomasV personally Thanks a lot |