Linux:1. open a terminal and enter:
sudo apt-get install gnupg
2. then type:
gpg --keyserver pgp.mit.edu --recv-keys 7F9470E6
you will see these messages:
gpg: requesting key 7F9470E6 from hkp server pgp.mit.edu
gpg: key 7F9470E6: "Thomas Voegtlin (
https://electrum.org) <
thomasv@electrum.org>" 10 new signatures
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: new signatures: 10
3. download Electrum and sign file (.asc file) from
https://electrum.org for example:
wget https://download.electrum.org/3.3.3/Electrum-3.3.3.tar.gz
wget https://download.electrum.org/3.3.3/Electrum-3.3.3.tar.gz.asc
4. now verify files:
gpg --verify Electrum-3.3.3.tar.gz.asc Electrum-3.3.3.tar.gz
you will see these messages:
gpg: Signature made Fri Jan 25 19:51:07 2019 UTC using RSA key ID 7F9470E6
gpg:
Good signature from "Thomas Voegtlin (
https://electrum.org) <
thomasv@electrum.org>"
gpg: aka "ThomasV <
thomasv1@gmx.de>"
gpg: aka "Thomas Voegtlin <
thomasv1@gmx.de>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
as you see in second line it tell us `
Good signature`. then that is
correct version.
if you see these messages:
that tell you `
BAD signature`. then you are in
danger or downloaded incorrect .asc file (for example for different version).