Bitcoin Forum

Bitcoin => Electrum => Topic started by: Miau222 on January 10, 2022, 11:12:23 PM



Title: Problems with verification after downloading Electrum-4.1.5.tar.gz [solved]
Post by: Miau222 on January 10, 2022, 11:12:23 PM
Hey there,

Please allow me to share a problem with the verification after downloading Electrum-4.1.5.tar.gz from the site:
https://electrum.org/#download

Then I downloaded and imported the file “ThomasV.asc” into gpg (sorry, it’s in German):

$ gpg --import ThomasV.asc
gpg: Schlüssel 2BD5824B7F9470E6: Öffentlicher Schlüssel "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" importiert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg:                              importiert: 1



After that I tried to verify the archive:

$ gpg --verify ThomasV.asc Electrum-4.1.5.tar.gz                      
gpg: verify signatures failed: Unerwarteter Fehler



So I looked at what Thomas wrote on his website and did this:

$ wget https://download.electrum.org/4.1.5/Electrum-4.1.5.tar.gz.ThomasV.asc
--2022-01-10 21:41:27--  https://download.electrum.org/4.1.5/Electrum-4.1.5.tar.gz.ThomasV.asc
Auflösen des Hostnamens download.electrum.org (download.electrum.org)… 2606:4700:3031::6815:5990, 2606:4700:3031::ac43:a0dd, 104.21.89.144, ...
Verbindungsaufbau zu download.electrum.org (download.electrum.org)|2606:4700:3031::6815:5990|:443 … verbunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 200 OK
Länge: 833 [application/octet-stream]
Wird in »Electrum-4.1.5.tar.gz.ThomasV.asc« gespeichert.

Electrum-4.1.5.tar.gz.ThomasV.asc          100%[=======================================================================================>]     833  --.-KB/s    in 0s      

2022-01-10 21:41:27 (10,1 MB/s) - »Electrum-4.1.5.tar.gz.ThomasV.asc« gespeichert [833/833]


Then I was astonished at the small amount: 833 bytes. After that I tried to verify:

$ gpg --verify Electrum-4.1.5.tar.gz.ThomasV.asc Electrum-4.1.5.tar.gz
gpg: Signatur vom Mo 19 Jul 2021 20:22:29 CEST
gpg:                mittels RSA-Schlüssel 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Korrekte Signatur von "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [vollständig]
gpg:                     alias "ThomasV <thomasv1@gmx.de>" [vollständig]
gpg:                     alias "Thomas Voegtlin <thomasv1@gmx.de>" [vollständig]


So far so good. Then I tried to import the key. First I deleted the other one:

$ gpg -k
pub   rsa4096 2011-06-15 [SC]
     6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
uid        [ unbekannt ] Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>
uid        [ unbekannt ] ThomasV <thomasv1@gmx.de>
uid        [ unbekannt ] Thomas Voegtlin <thomasv1@gmx.de>
sub   rsa4096 2011-06-15 [E]

$ gpg --delete-keys 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  rsa4096/2BD5824B7F9470E6 2011-06-15 Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>

Diesen Schlüssel aus dem Schlüsselbund löschen? (j/N) j


And then import the small key:

$ gpg --import Electrum-4.1.5.tar.gz.ThomasV.asc  
gpg: Keine gültigen OpenPGP-Daten gefunden.     [no valid OpenPGP-Data found]
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 0


Wow, what happened there? I’ve extracted the archive but don’t feel free to install. Maybe someone can explain?


Thank you in advance


Title: Re: Problems with verification after downloading Electrum-4.1.5.tar.gz
Post by: nc50lc on January 11, 2022, 04:14:29 AM
Quote from: Miau222
And then import the small key:

$ gpg --import Electrum-4.1.5.tar.gz.ThomasV.asc  
gpg: Keine gültigen OpenPGP-Daten gefunden.     [no valid OpenPGP-Data found]
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 0

That's not a GPG key but the signature file for Electrum-4.1.5.tar.gz.

$ gpg --verify ThomasV.asc Electrum-4.1.5.tar.gz                      
gpg: verify signatures failed: Unerwarteter Fehler

You should put the signature file (above) and not the GPG key; like you did in the second attempt.
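
The difference between the two .asc files discussed above can be checked before running gpg: an armored public key starts with `-----BEGIN PGP PUBLIC KEY BLOCK-----`, a detached signature with `-----BEGIN PGP SIGNATURE-----`. The script below is an added example, not part of the original posts; the helper names (`armor_type`, `suggest_command`, `make_samples`) and the sample file contents are constructed, and only the file names are taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): tell a key file from a detached
# signature by its ASCII-armor header before handing it to gpg.

# Print the block type of armored file $1: pubkey, signature, privkey,
# message or unknown.
armor_type() {
    # First armor header line; strip CR in case of Windows line endings.
    header=$(sed -n '/^-----BEGIN PGP /{p;q;}' "$1" 2>/dev/null | tr -d '\r')
    case "$header" in
        '-----BEGIN PGP PUBLIC KEY BLOCK-----')  echo pubkey ;;
        '-----BEGIN PGP SIGNATURE-----')         echo signature ;;
        '-----BEGIN PGP PRIVATE KEY BLOCK-----') echo privkey ;;
        '-----BEGIN PGP MESSAGE-----')           echo message ;;
        *)                                       echo unknown ;;
    esac
}

# Print the gpg command that fits file $1; $2 is the signed archive.
# Returns 1 for anything that is neither a public key nor a signature.
suggest_command() {
    case "$(armor_type "$1")" in
        pubkey)    echo "gpg --import $1" ;;
        signature) echo "gpg --verify $1 ${2:-<signed-file>}" ;;
        *)         echo "refusing: $1 is not a public key or signature"
                   return 1 ;;
    esac
}

# Write constructed sample files (placeholder bodies, not real OpenPGP data)
# into directory $1, named like the files in the thread.
make_samples() {
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' \
        'CONSTRUCTED' '-----END PGP PUBLIC KEY BLOCK-----' > "$1/ThomasV.asc"
    printf '%s\r\n' '-----BEGIN PGP SIGNATURE-----' '' \
        'CONSTRUCTED' '-----END PGP SIGNATURE-----' \
        > "$1/Electrum-4.1.5.tar.gz.ThomasV.asc"
    printf 'not armored\n' > "$1/Electrum-4.1.5.tar.gz"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    ( cd "$dir" &&
      suggest_command ThomasV.asc &&
      suggest_command Electrum-4.1.5.tar.gz.ThomasV.asc Electrum-4.1.5.tar.gz )
    rm -rf "$dir"
}
demo
```

The header check only tells which gpg operation a file is meant for; the actual assurance still comes from `gpg --verify` reporting a good signature made with the expected key fingerprint.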


Title: Re: Problems with verification after downloading Electrum-4.1.5.tar.gz
Post by: Miau222 on January 11, 2022, 05:06:27 AM
Ah, thank you very much. Of course a signature file must be much smaller than a gpg key but has the same fingerprint. So I'm free to use the installer.