Verifying your Electrum Wallet is essential to make sure that no one has modified the original source code.
Recently I saw
this 2-step guide for linux, and if you use linux it is very simple and straightforward.
But if you use Windows, which many beginners do, the process is a little bit more complicated.
This is a step by step guide how to do that on
Windows 7 with the latest
electrum 3.1.3.
1. Go to PGP4Win website and download pgp for windows.
https://www.gpg4win.org/get-gpg4win.htmlNote: You don't have to donate anything (choose $0) but you can if you would like to support the project. Once the file is downloaded, install the package. The default options are fine.
2. Download the Electrum setup file. Go to the Electrum website:
https://electrum.org/#downloadDownload the
Windows installer and the
signature file (right click on signature and "save link as...")
At this point you should have these two files somewhere on your computer:
electrum-3.1.3-setup.exe
electrum-3.1.3-setup.exe.asc
For now, don't install Electrum. We have to check it first.
3. Next step is to get the ThomasV's ID key. It is
7F9470E6 (this is the short id of his public key)
If you don't believe me (and you shouldn't probably since you don't know me), you can see it for yourself. Go to the download page of Electrum once again. Find the line near the top saying:
Sources and executables are signed by ThomasV.Click on the ThomasV. link.
You will land on the following page:
where the keyID of ThomasV. can easily be identified.
4. Open the windows command prompt [(Win + R keys) and then type
cmd].
Navigate to the folder where your downloaded
electrum-3.1.3-setup.exe and
electrum-3.1.3-setup.exe.asc files are
5. Import the ThomasV's key.
gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6
6. Finally, verify the setup file:
gpg --verify electrum-3.1.3-setup.exe.asc electrum-3.1.3-setup.exe
(Note: the order is important, first the signature file, then the file to be verified)
If the installation file is genuine, the output of the above command should contain a line like this:
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>"
If the output contains a line like this:
gpg: WARNING: This key is not certified with a trusted signature!
you can safely disregard the warning.
Now you can be sure that the downloaded Electrum is indeed legit, and you can safely install it on your system.