How can I validate Electrum Windows version download ?

[Flanagan]

Can someone point me to how to do this as I couldn't find any information on the official website?

Thanks and Happy New Year $1024 bitcoin right now

[ranochigo]

Can someone point me to how to do this as I couldn't find any information on the official website?

It's there in the download page. All the downloads are signed with ThomasV's signature.

Download the signature file (.asc) and use a PGP program to verify it. Pretty good tutorial here:https://www.torproject.org/docs/verifying-signatures.html.en.

So, replace the .asc and the program file with Electrum's and ThomasV's key is 0x2BD5824B7F9470E6.

Thanks and Happy New Year $1024 bitcoin right now

Happy new year! Oh hell, I sold some coins at $900.

[Flanagan]

Thanks for your explanation.
I am trying to do it as in an older thread (https://bitcointalk.org/index.php?topic=1113222.0) which says:

Download Animazing's PGP key   (<--- replace with ThomasV)
Open up Kleopatra and go to File > Decrypt/Verify Files ...
Select the the electrum-2.3.2-setup.exe.asc.
Check the box for detached signature.
Click the button next to the first text box and select the setup exe file.
Click Decrypt/Verify and it will verify the signature.


But I'm getting:
https://s23.postimg.org/gobm4576z/electrum_signature_bad.jpg

The message is:
electrum-2.7.12.exe.asc: invalid signature
Signed with unknown certificate 0x2BD5824B7F9470E6
The sigature is bad

[img]https://s23.postimg.org/gobm4576z/electrum_signature_bad.jpg[img]

Also don't know about the first step of downlowding the PGP key. I did so anyway, it's in Kleopatra with Thomas Voegtlin.

?

[ranochigo]

Thanks for your explanation.
I am trying to do it as in an older thread (https://bitcointalk.org/index.php?topic=1113222.0) which says:

Download Animazing's PGP key   (<--- replace with ThomasV)
Open up Kleopatra and go to File > Decrypt/Verify Files ...
Select the the electrum-2.3.2-setup.exe.asc.
Check the box for detached signature.
Click the button next to the first text box and select the setup exe file.
Click Decrypt/Verify and it will verify the signature.


But I'm getting:
https://s23.postimg.org/gobm4576z/electrum_signature_bad.jpg

[img]https://s23.postimg.org/gobm4576z/electrum_signature_bad.jpg[img]

Also don't know about the first step of downlowding the PGP key. I did so anyway, it's in Kleopatra with Thomas Voegtlin.

?

You are supposed to import the PGP key.

Since you didn't import it, the client does not know whose PGP key is 0x2BD5824B7F9470E6. Your pgp client would probably not say that the PGP key is fine if you don't import/specify that the client should ensure that the signature should verify to 0x2BD5824B7F9470E6.

Since it does indeed verifies that 0x2BD5824B7F9470E6(ThomasV's key) has signed the program, the program is authentic.

[Flanagan]

Thanks for your explanation.
I am trying to do it as in an older thread (https://bitcointalk.org/index.php?topic=1113222.0) which says:

Download Animazing's PGP key   (<--- replace with ThomasV)
Open up Kleopatra and go to File > Decrypt/Verify Files ...
Select the the electrum-2.3.2-setup.exe.asc.
Check the box for detached signature.
Click the button next to the first text box and select the setup exe file.
Click Decrypt/Verify and it will verify the signature.


But I'm getting:
https://s23.postimg.org/gobm4576z/electrum_signature_bad.jpg

[img]https://s23.postimg.org/gobm4576z/electrum_signature_bad.jpg[img]

Also don't know about the first step of downlowding the PGP key. I did so anyway, it's in Kleopatra with Thomas Voegtlin.


?

You are supposed to import the PGP key.

Since you didn't import it, the client does not know whose PGP key is 0x2BD5824B7F9470E6. Your pgp client would probably not say that the PGP key is fine if you don't import/specify that the client should ensure that the signature should verify to 0x2BD5824B7F9470E6.

Since it does indeed verifies that 0x2BD5824B7F9470E6(ThomasV's key) has signed the program, the program is authentic.

Yes I have imported Thomas V key in Kleopatra. Right now I have that key and also an earlier one I imported for another software (armoury).
But what use is this key if when selecting in Kleopatra File-Decrypt/Verify Files it only asks for the EXE and the ASC file, no mention of the certificate?
https://s24.postimg.org/v212s0kth/pic_certificate_in_kleopatra.jpg

[ranochigo]

Yes I have imported Thomas V key in Kleopatra. Right now I have that key and also an earlier one I imported for another software (armoury).
But what use is this key if when selecting in Kleopatra File-Decrypt/Verify Files it only asks for the EXE and the ASC file, no mention of the certificate?
https://s24.postimg.org/v212s0kth/pic_certificate_in_kleopatra.jpg

My bad. Not particularly familiar with that PGP program. The asc file is the signature of the exe file using ThomasV's key. Hence, if the asc file verifies that the program signs using the key and the PGP key is what you imported, the client would tell you that the program is signed by ThomasV.

Okay, lets check the steps:
1. The asc file should be: electrum-2.7.12-setup.exe.asc[1]
2. The program file should be 38.7MB.[2]

It is likely that the 2nd is the problem.

[1] https://download.electrum.org/2.7.12/electrum-2.7.12-setup.exe.asc
[2] https://download.electrum.org/2.7.12/electrum-2.7.12-setup.exe