How to verify your Electrum [Windows, Linux, Mac]

[bitdaric]

How to verify Electrum (for Windows, Linux and Mac)

Windows:

1. Download and install gpg4win from here: https://www.gpg4win.org/get-gpg4win.html
 
2. After installation open Kleopatra and click on Lookup on Server.

3. Type 2BD5824B7F9470E6 (ThomasV sign) in Find field and click on Search.

4. Select 'ThomasV' from list or click on Select All and then click on Import
 

  
5. If you want to see a green verification message in last step, follow step 5.1 otherwise click on No and go to step 6.

5.1. To see green verification message, click Yes in dialog that ask you to confirm certification process:



at this point if you haven`t PGP sign, you will be asked to create one. do it by typing your name and email and follow wizard steps and set your key pair password and then click on Finish:



Select all IDs from Certification Dialog and check `I have verified the fingerprint` and click Next and then click Certify, you will be asked to type password you set and then click on Finish:



6. Now download setup file and signature file from official website: https://electrum.org/#download
 


7. click on signature file and you will see verification. if you get green message your version is correct. if you get red message you are in danger! (if you ignored step 5.1 you will get a white message instead green and it is OK too).
 

 

donation: 1JTBZEprk8pdSUtkQyFLVUy45g6x8cKoyJ



 

[1634345827]

1634345827

[1634345827]

1634345827

[1634345827]

1634345827

[bitdaric]

Linux:

1. open a terminal and enter:

Code:

sudo apt-get install gnupg

2. then type:

Code:

gpg --keyserver pgp.mit.edu --recv-keys 7F9470E6

you will see these messages:

gpg: requesting key 7F9470E6 from hkp server pgp.mit.edu
gpg: key 7F9470E6: "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" 10 new signatures
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:         new signatures: 10

3. download Electrum and sign file (.asc file) from https://electrum.org for example:

Code:

wget https://download.electrum.org/3.3.6/Electrum-3.3.6.tar.gz
wget https://download.electrum.org/3.3.6/Electrum-3.3.6.tar.gz.asc

4. now verify files:

Code:

gpg --verify Electrum-3.3.6.tar.gz.asc Electrum-3.3.6.tar.gz

you will see these messages:

gpg: Signature made Fri Jan 25 19:51:07 2019 UTC using RSA key ID 7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>"
gpg:                 aka "ThomasV <thomasv1@gmx.de>"
gpg:                 aka "Thomas Voegtlin <thomasv1@gmx.de>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6

as you see in second line it tell us `Good signature`. then that is correct version.

if you see these messages:

gpg: Signature made Fri Dec 21 22:08:41 2018 UTC using RSA key ID 7F9470E6
gpg: BAD signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>"

that tell you `BAD signature`. then you are in danger or downloaded incorrect .asc file (for example for different version).
 

donation: 1JTBZEprk8pdSUtkQyFLVUy45g6x8cKoyJ

[bitdaric]

Mac:

1. install homebrew from http://brew.sh/

2. using homebrew install gnupg:

Code:

brew install gnupg

3. then type:

Code:

gpg --recv-keys 2BD5824B7F9470E6

you will see these messages:

gpg: requesting key 7F9470E6 from hkp server pgp.mit.edu
gpg: key 7F9470E6: "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" 10 new signatures
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:         new signatures: 10

4. download Electrum and sign file (.asc file) from https://electrum.org for example:

Code:

wget https://download.electrum.org/3.3.6/Electrum-3.3.6.tar.gz
wget https://download.electrum.org/3.3.6/Electrum-3.3.6.tar.gz.asc

5. now verify files:

Code:

gpg --verify Electrum-3.3.6.tar.gz.asc Electrum-3.3.6.tar.gz

you will see these messages:

gpg: Signature made Fri Jan 25 19:51:07 2019 UTC using RSA key ID 7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>"
gpg:                 aka "ThomasV <thomasv1@gmx.de>"
gpg:                 aka "Thomas Voegtlin <thomasv1@gmx.de>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6

as you see in second line it tell us `Good signature`. then that is correct version.

if you see these messages:

gpg: Signature made Fri Dec 21 22:08:41 2018 UTC using RSA key ID 7F9470E6
gpg: BAD signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>"

that tell you `BAD signature`. then you are in danger or downloaded incorrect .asc file (for example for different version).
 

donation: 1JTBZEprk8pdSUtkQyFLVUy45g6x8cKoyJ

[elda34b]

You can also use GPA in Linux. Just an alternative version (more UI friendly than GPG) of GPG in Linux. I use both though.

[ETFbitcoin]

You can also use GPA in Linux. Just an alternative version (more UI friendly than GPG) of GPG in Linux. I use both though.

GPG is far faster though, you only need to open terminal from downloaded folder and run step 4 (gpg --verify Electrum-3.3.3.tar.gz.asc Electrum-3.3.3.tar.gz)

[zetzetzet]

Don't work search in Kleopatra
Smb know why?

[ETFbitcoin]

Don't work search in Kleopatra
Smb know why?

You probably entered incorrect string, use Tor (sometimes it doesn't work when using Tor in my case) or something wrong happen wit the server (AFAIK they search on https://pgp.mit.edu where i got error 502/503)

[pooya87]

Don't work search in Kleopatra
Smb know why?

You probably entered incorrect string, use Tor (sometimes it doesn't work when using Tor in my case) or something wrong happen wit the server (AFAIK they search on https://pgp.mit.edu where i got error 502/503)

i have encountered the same problem without Tor where the pgp.mit.edu server itself is offline and unreachable which is why you also get an error in PGP applications trying to fetch the public key. changing the key server fixes that problem.

Code:

gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6

https://superuser.com/a/1250706
or for Kleopatra i think this article can help: https://www.gpg4win.org/doc/en/gpg4win-compendium_22.html

[zetzetzet]

yeah, smth with pgp.mit.edu
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6

[Rayser]

3. then type:

Code:

gpg --recv-keys 2BD5824B7F9470E6

Better if you use:  

Code:

gpg --recv-keys 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6

I have a tutorial waiting on Github.

https://github.com/spesmilo/electrum-docs/pull/84/files