Bitcoin Forum
May 23, 2019, 08:18:18 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: How verify Electrum signature  (Read 139 times)
Darooghe
Sr. Member
****
Offline Offline

Activity: 433
Merit: 252



View Profile
April 10, 2019, 10:34:44 PM
Merited by bones261 (2)
 #1

Hello

I downloaded "Kleopatra".
Then i copy "public key" from https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc.
Then i pasted all of them into "Kleopatra" by "certificate import" button:
I got this:



Then i downloaded "electrum-3.3.4-setup.exe" & "electrum-3.3.4-setup.exe.asc" from https://electrum.org/#download
Then i put both of them in the same folder
Then i click on "decrypt/verify" button and choose "electrum-3.3.4-setup.exe.asc".
Finally i got this:
The data could not be verified



Is everything OK or i did something wrong?
Is the signature matches with the files?

I did also the above instruction with "Electron cash" and got the same thing.


1558642698
Hero Member
*
Offline Offline

Posts: 1558642698

View Profile Personal Message (Offline)

Ignore
1558642698
Reply with quote  #2

1558642698
Report to moderator
1558642698
Hero Member
*
Offline Offline

Posts: 1558642698

View Profile Personal Message (Offline)

Ignore
1558642698
Reply with quote  #2

1558642698
Report to moderator
PLAY OVER 3000 GAMES
LIGHTNING FAST WITHDRAWALS
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1558642698
Hero Member
*
Offline Offline

Posts: 1558642698

View Profile Personal Message (Offline)

Ignore
1558642698
Reply with quote  #2

1558642698
Report to moderator
TryNinja
Legendary
*
Online Online

Activity: 1022
Merit: 1256


ChipMixer's Badge of Honor


View Profile
April 10, 2019, 10:51:55 PM
Merited by bones261 (3)
 #2

This just means that you haven't manually trusted ThomasV's key. The signatures are matching.

Right-click on ThomasV's name and select "Certificate"; Follow the quick steps and his "User-ID" will change from "not certified" to "certified";
Then, do the verification again and it will show a green message.

HCP
Legendary
*
Online Online

Activity: 980
Merit: 1507

<insert witty quote here>


View Profile
April 11, 2019, 05:11:53 AM
Merited by bones261 (3), ETFbitcoin (1), pooya87 (1), o_e_l_e_o (1)
 #3

Alternatively, simply click the "Show Audit Log" link shown in your screenshot... it'll show the commandline output... you should see:
Quote
gpg: Signature made 02/14/19 11:08:30 New Zealand Daylight Time
gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]
gpg:                 aka "ThomasV <thomasv1@gmx.de>" [unknown]
gpg:                 aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6
You can safely ignore the "warning: this key is not certified with a trusted signature", as TryNinja explained, it just means that you haven't personally trusted ThomasV's signature Wink

Again, as long as you see the bold line that says: "gpg: Good signature", then everything is OK.




For the record, if the signature was "invalid", Kleopatra would warn you with a big red highlight like this:


"Invalid Signature"... and "Bad Signature"... and in the "show audit log" (or on the commandline), you'd see:
Quote
gpg: Signature made 02/14/19 11:08:30 New Zealand Daylight Time
gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: BAD signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]

igor72
Sr. Member
****
Offline Offline

Activity: 392
Merit: 322


View Profile
April 12, 2019, 06:45:47 AM
Last edit: April 12, 2019, 12:55:45 PM by igor72
Merited by suchmoon (4), bones261 (4), ETFbitcoin (3), HCP (2), pooya87 (1), bob123 (1), o_e_l_e_o (1), Husna QA (1)
 #4

Alternatively, simply click the "Show Audit Log" link shown in your screenshot... it'll show the commandline output... you should see:
Quote
gpg: Signature made 02/14/19 11:08:30 New Zealand Daylight Time
gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]
gpg:                 aka "ThomasV <thomasv1@gmx.de>" [unknown]
gpg:                 aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6
You can safely ignore the "warning: this key is not certified with a trusted signature", as TryNinja explained, it just means that you haven't personally trusted ThomasV's signature Wink

Again, as long as you see the bold line that says: "gpg: Good signature", then everything is OK.
This is not completely accurate. Two conditions must be met:
1. Absence of “Bad Signature” or “Invalid Signature”
AND
2. The key must match the 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 (or 2BD5 824B 7F94 70E6).

Fake signature example:
N00B4L
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
April 12, 2019, 05:19:55 PM
 #5

click the "Show Audit Log" link shown in your screenshot... it'll show the commandline output... you should see:
Quote
gpg: Signature made 02/14/19 11:08:30 New Zealand Daylight Time
gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]
gpg:                 aka "ThomasV <thomasv1@gmx.de>" [unknown]
gpg:                 aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6

First time verifying and I think i followed the instructions correctly, double checking that this output is OK.

There is no "Bad/Invalid" and it says "good signature" and the fingerprint matches so I am guessing the difference is trivial, but i get an audit log without 2 of Thomas V's aliases:


Quote
gpg: Signature made 02/13/19 16:08:30 Central Standard Time
gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
~this line/alias is missing/different~
gpg: Good signature from "ThomasV <thomasv1@gmx.de>" [unknown]
~this line/alias is missing~
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6
TryNinja
Legendary
*
Online Online

Activity: 1022
Merit: 1256


ChipMixer's Badge of Honor


View Profile
April 12, 2019, 05:23:47 PM
 #6

First time verifying and I think i followed the instructions correctly, double checking that this output is OK.

There is no "Bad/Invalid" and it says "good signature" and the fingerprint matches so I am guessing the difference is trivial, but i get an audit log without 2 of Thomas V's aliases:


Quote
gpg: Signature made 02/13/19 16:08:30 Central Standard Time
gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
~this line/alias is missing/different~
gpg: Good signature from "ThomasV <thomasv1@gmx.de>" [unknown]
~this line/alias is missing~
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6
The primary key fingerprint matches and the signature returned “good”, so that’s what matters. You are fine.

N00B4L
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
April 12, 2019, 05:32:17 PM
 #7

Thank you.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!