|
Title: How verify Electrum signature Post by: Darooghe on April 10, 2019, 10:34:44 PM Hello
I downloaded "Kleopatra". Then i copy "public key" from https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc. Then i pasted all of them into "Kleopatra" by "certificate import" button: I got this: http://s8.picofile.com/file/8357095234/thomas.jpg Then i downloaded "electrum-3.3.4-setup.exe" & "electrum-3.3.4-setup.exe.asc" from https://electrum.org/#download Then i put both of them in the same folder Then i click on "decrypt/verify" button and choose "electrum-3.3.4-setup.exe.asc". Finally i got this: The data could not be verified http://s8.picofile.com/file/8357095250/thomas_2.jpg Is everything OK or i did something wrong? Is the signature matches with the files? I did also the above instruction with "Electron cash" and got the same thing. Title: Re: How verify Electrum signature Post by: TryNinja on April 10, 2019, 10:51:55 PM This just means that you haven't manually trusted ThomasV's key. The signatures are matching.
Right-click on ThomasV's name and select "Certificate"; Follow the quick steps and his "User-ID" will change from "not certified" to "certified"; Then, do the verification again and it will show a green message. Title: Re: How verify Electrum signature Post by: HCP on April 11, 2019, 05:11:53 AM Alternatively, simply click the "Show Audit Log" link shown in your screenshot... it'll show the commandline output... you should see:
Quote gpg: Signature made 02/14/19 11:08:30 New Zealand Daylight Time You can safely ignore the "warning: this key is not certified with a trusted signature", as TryNinja explained, it just means that you haven't personally trusted ThomasV's signature ;)gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown] gpg: aka "ThomasV <thomasv1@gmx.de>" [unknown] gpg: aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 Again, as long as you see the bold line that says: "gpg: Good signature", then everything is OK. For the record, if the signature was "invalid", Kleopatra would warn you with a big red highlight like this: https://talkimg.com/images/2023/11/15/zB18T.png "Invalid Signature"... and "Bad Signature"... and in the "show audit log" (or on the commandline), you'd see: Quote gpg: Signature made 02/14/19 11:08:30 New Zealand Daylight Time gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 gpg: BAD signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown] Title: Re: How verify Electrum signature Post by: igor72 on April 12, 2019, 06:45:47 AM Alternatively, simply click the "Show Audit Log" link shown in your screenshot... it'll show the commandline output... you should see: This is not completely accurate. Two conditions must be met:Quote gpg: Signature made 02/14/19 11:08:30 New Zealand Daylight Time You can safely ignore the "warning: this key is not certified with a trusted signature", as TryNinja explained, it just means that you haven't personally trusted ThomasV's signature ;)gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown] gpg: aka "ThomasV <thomasv1@gmx.de>" [unknown] gpg: aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 Again, as long as you see the bold line that says: "gpg: Good signature", then everything is OK. 1. Absence of “Bad Signature” or “Invalid Signature” AND 2. The key must match the 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 (or 2BD5 824B 7F94 70E6). Fake signature example: https://d.radikal.ru/d28/1904/e2/965d2b5d584c.png Title: Re: How verify Electrum signature Post by: N00B4L on April 12, 2019, 05:19:55 PM click the "Show Audit Log" link shown in your screenshot... it'll show the commandline output... you should see: Quote gpg: Signature made 02/14/19 11:08:30 New Zealand Daylight Time gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown] gpg: aka "ThomasV <thomasv1@gmx.de>" [unknown] gpg: aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 First time verifying and I think i followed the instructions correctly, double checking that this output is OK. There is no "Bad/Invalid" and it says "good signature" and the fingerprint matches so I am guessing the difference is trivial, but i get an audit log without 2 of Thomas V's aliases: Quote gpg: Signature made 02/13/19 16:08:30 Central Standard Time gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 ~this line/alias is missing/different~ gpg: Good signature from "ThomasV <thomasv1@gmx.de>" [unknown] ~this line/alias is missing~ gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 Title: Re: How verify Electrum signature Post by: TryNinja on April 12, 2019, 05:23:47 PM First time verifying and I think i followed the instructions correctly, double checking that this output is OK. The primary key fingerprint matches and the signature returned “good”, so that’s what matters. You are fine. There is no "Bad/Invalid" and it says "good signature" and the fingerprint matches so I am guessing the difference is trivial, but i get an audit log without 2 of Thomas V's aliases: Quote gpg: Signature made 02/13/19 16:08:30 Central Standard Time gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 ~this line/alias is missing/different~ gpg: Good signature from "ThomasV <thomasv1@gmx.de>" [unknown] ~this line/alias is missing~ gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 Title: Re: How verify Electrum signature Post by: N00B4L on April 12, 2019, 05:32:17 PM Thank you.
|
