Hi again.

I seem to have done it, thanks to everyone who helped.


From here: https://github.com/spesmilo/electrum-docs/blob/master/gpg-check.rst

Verify GPG signature

Run the following command from the same directory you saved the files replacing <electrum file> with the one actually downloaded:

gpg --verify <electrum file>.asc <electrum file>
The message should say:

Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>
and

Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6
You can ignore this:

WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
as it simply means you have not established a web of trust with other GPG users




I did as it said, using terminal, and the response was:



$ gpg --verify electrum-4.0.4.dmg.asc electrum-4.0.4.dmg
gpg: Signature made Fri 16 Oct 05:21:39 2020 AEDT
gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]
gpg:                 aka "ThomasV <thomasv1@gmx.de>" [unknown]
gpg:                 aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.


So I take that as it is a trusted signature.

Thanks again. Hope this thread helps someone else having trouble.

Thanks both of you. One last try on this thread. I used home-brew and got this message:

$ gpg --verify electrum-4.0.4.dmg.asc electrum-4.0.4.dmg
gpg: Signature made Fri 16 Oct 05:21:39 2020 AEDT
gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: key 2BD5824B7F9470E6: no user ID
gpg: Total number processed: 1
gpg: Can't check signature: No public key



When I use GPG Keychain it says - Untrusted signature. Thomas V ..... This signature is not to be trusted
It doesnt say Bad, or Error, just that is is Thomas V and not to be trusted.


So from another thread in this forum it says:

usually people don't add the key to their list of trusted keys so the verification result always has a warning that confuses most people. it is along the line of saying something like this:
Code:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
sometimes people confuse this with the signature not being valid whereas all it says is that they key is not saved in their local database as a trusted key.


Does this mean it is ok?

Hi All. Im new to everything bitcoin. This is my first post.

I am trying to install electrum on my mac desktop. Downloaded GPG keychain, electrum dmg and electrum asc files.

Installed thomas V's key on GPG using key from here: https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-mac/

When I attempt to verify signature of the electrum dmg file, it says 'untrusted file' 'signature not to be trusted'

Ive tried many times, downloading the files form electrum.org, reinstalling thomas v's key in GPG, but always the same response when i try to verify.

Can anyone offer any assistance? From what i see, the electrum.org dmg file is corrupted, but there's probably something I'm not doing right.

Thanks

Cor