Title: Problems with verification after downloading Electrum-4.1.5.tar.gz [solved] Post by: Miau222 on January 10, 2022, 11:12:23 PM Hey there,
pls allow me to share an problem with the verification after downloading Electrum-4.1.5.tar.gz from the site: https://electrum.org/#download Then i downloading and import the file “ThomasV.asc” in gpg (sorry it’s in german): $ gpg --import ThomasV.asc gpg: Schlüssel 2BD5824B7F9470E6: Öffentlicher Schlüssel "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" importiert gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1 gpg: importiert: 1 After that i try to verify the archive: $ gpg --verify ThomasV.asc Electrum-4.1.5.tar.gz gpg: verify signatures failed: Unerwarteter Fehler So i’ve looked what Thomas wrote on his website and have done this: $ wget https://download.electrum.org/4.1.5/Electrum-4.1.5.tar.gz.ThomasV.asc --2022-01-10 21:41:27-- https://download.electrum.org/4.1.5/Electrum-4.1.5.tar.gz.ThomasV.asc Auflösen des Hostnamens download.electrum.org (download.electrum.org)… 2606:4700:3031::6815:5990, 2606:4700:3031::ac43:a0dd, 104.21.89.144, ... Verbindungsaufbau zu download.electrum.org (download.electrum.org)|2606:4700:3031::6815:5990|:443 … verbunden. HTTP-Anforderung gesendet, auf Antwort wird gewartet … 200 OK Länge: 833 [application/octet-stream] Wird in »Electrum-4.1.5.tar.gz.ThomasV.asc« gespeichert. Electrum-4.1.5.tar.gz.ThomasV.asc 100%[=======================================================================================>] 833 --.-KB/s in 0s 2022-01-10 21:41:27 (10,1 MB/s) - »Electrum-4.1.5.tar.gz.ThomasV.asc« gespeichert [833/833] Then i’ve been astonished about the small amount: 833 Byte. After that i tried to verify: $ gpg --verify Electrum-4.1.5.tar.gz.ThomasV.asc Electrum-4.1.5.tar.gz gpg: Signatur vom Mo 19 Jul 2021 20:22:29 CEST gpg: mittels RSA-Schlüssel 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 gpg: Korrekte Signatur von "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [vollständig] gpg: alias "ThomasV <thomasv1@gmx.de>" [vollständig] gpg: alias "Thomas Voegtlin <thomasv1@gmx.de>" [vollständig] So far so good. Then i tried to import the key. First i deleted the other one: $ gpg -k pub rsa4096 2011-06-15 [SC] 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 uid [ unbekannt ] Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org> uid [ unbekannt ] ThomasV <thomasv1@gmx.de> uid [ unbekannt ] Thomas Voegtlin <thomasv1@gmx.de> sub rsa4096 2011-06-15 [E] $ gpg --delete-keys 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. pub rsa4096/2BD5824B7F9470E6 2011-06-15 Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org> Diesen Schlüssel aus dem Schlüsselbund löschen? (j/N) j And then import the small key: $ gpg --import Electrum-4.1.5.tar.gz.ThomasV.asc gpg: Keine gültigen OpenPGP-Daten gefunden. [no valid OpenPGP-Data found] gpg: Anzahl insgesamt bearbeiteter Schlüssel: 0 Wow, what’s happened there? I’ve extract the archive but feel not free to install. Maybe someone can explain? Thank you in advance Title: Re: Problems with verification after downloading Electrum-4.1.5.tar.gz Post by: nc50lc on January 11, 2022, 04:14:29 AM Quote from: Miau222 And then import the small key: That's not a GPG key but the signature file for Electrum-4.1.5.tar.gz.$ gpg --import Electrum-4.1.5.tar.gz.ThomasV.asc gpg: Keine gültigen OpenPGP-Daten gefunden. [no valid OpenPGP-Data found] gpg: Anzahl insgesamt bearbeiteter Schlüssel: 0 $ gpg --verify ThomasV.asc Electrum-4.1.5.tar.gz You should put the signature file (above) and not the GPG key; like you did in the second attempt.gpg: verify signatures failed: Unerwarteter Fehler Title: Re: Problems with verification after downloading Electrum-4.1.5.tar.gz Post by: Miau222 on January 11, 2022, 05:06:27 AM Ah, thank you very much. Of course an signature file must be much smaller then an gpg-key but has the same fingerprint. So i'm free to use the installer.
|