Bitcoin Forum
November 02, 2024, 07:02:24 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 6 7 8 9 »  All
  Print  
Author Topic: [GUIDE] How to Safely Download and Verify Electrum [Guide]  (Read 48215 times)
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
April 26, 2021, 06:29:23 PM
Merited by JayJuanGee (1), DireWolfM14 (1)
 #41

Internally, GPG signatures already use a hash or checksum, most likely either SHA1 or SHA256, so it's not any more likely than the signature itself to have a collision. The signature could be SHA512 (that's what I set mine to) so the "unlikelyness" of a collision is effectively and for all practical purposes, zero, unless something is broken.

With a GPG signature, the file is first hashed, then that hash is then signed. It does not "sign" the whole file.

I think the files should be both signed and also include a hash (and the hashes are also signed). More work maybe, but what's another page to sign? If not, just accept what is available. GPG signatures alone are more than enough. Hashes just make it convenient and easy to verify download integrity.

NotATether
Legendary
*
Offline Offline

Activity: 1778
Merit: 7354


Top Crypto Casino


View Profile WWW
April 26, 2021, 06:47:13 PM
 #42

And, like NotATether already mentioned; the question was posed to the Electrum dev team.

Minor correction: I did not ask the dev team, but I made a thread about it here and those were the answers I got (it's a good throwback read).

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
DireWolfM14 (OP)
Copper Member
Legendary
*
Offline Offline

Activity: 2338
Merit: 4541


Join the world-leading crypto sportsbook NOW!


View Profile WWW
April 26, 2021, 07:15:08 PM
 #43

when I firstly verified electrum using this tutorial, I wasn't completely sure of what I was doing. I was feeling secure with the replies and with the greatly described steps, but I considered the method kinda complex.

Thank you for saying that, this is actually the type of feedback I want.  Would you be willing to take some time and tell me what you found to be complicated?  I would really like this tutorial to be simple enough for folks who aren't what we would call "computer savvy," and those who are new to cryptography.

It can be hard for us who enjoy these types of technical projects to put things into the perspective of the masses who don't.  But, we need to keep in mind that we all started someplace.  No one is born with knowledge of cryptography, we all started with a lot less knowledge than we have today.  I've been playing and working with computers since 1985 and considered myself among the more advanced users in my circle of acquaintances and collogues.  But, when I showed up here I felt like a complete dunce.  It had been nearly 20 years since I had used a Unix style OS, and found myself struggling with simple shell commands.  I still get lost reading the technical boards, and realize I've only scratched the surface of how much knowledge exists here.

And, I don't think you and I are alone.  Look at how many newbie accounts pop up asking pertinent, pointed technical questions.  I have a feeling many of these "newbies" are actually long time members who are embarrassed to ask questions from their main account.


Or I may simply have this weirdly paranoid symptom in which you want to understand every-single-thing you're doing, on a disgustingly detailed way, such as understanding the maths behind RSA/ECC.

Lol.  Don't stop.

  ▄▄███████▄███████▄▄▄
 █████████████
▀▀▀▀▀▀████▄▄
███████████████
       ▀▀███▄
███████████████
          ▀███
 █████████████
             ███
███████████▀▀               ███
███                         ███
███                         ███
 ███                       ███
  ███▄                   ▄███
   ▀███▄▄             ▄▄███▀
     ▀▀████▄▄▄▄▄▄▄▄▄████▀▀
         ▀▀▀███████▀▀▀
░░░████▄▄▄▄
░▄▄░
▄▄███████▄▀█████▄▄
██▄████▌▐█▌█████▄██
████▀▄▄▄▌███░▄▄▄▀████
██████▄▄▄█▄▄▄██████
█░███████░▐█▌░███████░█
▀▀██▀░██░▐█▌░██░▀██▀▀
▄▄▄░█▀░█░██░▐█▌░██░█░▀█░▄▄▄
██▀░░░░▀██░▐█▌░██▀░░░░▀██
▀██
█████▄███▀▀██▀▀███▄███████▀
▀███████████████████████▀
▀▀▀▀███████████▀▀▀▀
█████████████LEADING CRYPTO SPORTSBOOK & CASINO█████████████
MULTI
CURRENCY
1500+
CASINO GAMES
CRYPTO EXCLUSIVE
CLUBHOUSE
FAST & SECURE
PAYMENTS
.
..PLAY NOW!..
BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1694
Merit: 8318


Bitcoin is a royal fork


View Profile WWW
April 26, 2021, 08:09:08 PM
Merited by JayJuanGee (1), DireWolfM14 (1)
 #44

Thank you for saying that, this is actually the type of feedback I want.  Would you be willing to take some time and tell me what you found to be complicated?
There aren't many things to be mentioned about the complexity of the tutorial. As I said, you guided the reader step-by-step of how to verify the signature of the binaries, but what I find missing from this tutorial and generally from almost every tutorial on the internet is the lack of explanation. Don't get me wrong! Not the explanation that will make you succeed on verifying the signature. I'm talking about the answer to "why?".

You do not need your own private key to verify a signature, but you will need one to certify the public keys of others.
Why would I need a private key to certify the public keys of others?

Chose the email address you want to certify, there's no reason not to select them all.  Click Certify.
Why would I need to certify someone just to ensure that my electrum binaries aren't malicious? Why will I have to deal with an email address and how is it resulted from a file of non-sense characters?

Once installation is completed, and Kleopatra launches I recommend you create a private key.
Why would you recommend me to create a private key? Note that this can be very confusing for a newbie. Do I need a private key for the certification of Thomas' identity or is it just recommended after all?

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
pooya87
Legendary
*
Offline Offline

Activity: 3626
Merit: 10994


Crypto Swap Exchange


View Profile
April 27, 2021, 04:31:01 AM
Merited by JayJuanGee (1), ranochigo (1)
 #45

I think the files should be both signed and also include a hash (and the hashes are also signed). More work maybe, but what's another page to sign? If not, just accept what is available. GPG signatures alone are more than enough. Hashes just make it convenient and easy to verify download integrity.
That would be pointless because it is like saying each transaction should both contain the signature and the hash it signed. We already know how to serialize the transaction and hash it to verify that signature in that transaction, similarly we already know how to read the file binary and hash it to then sign.

On top of that providing the hash is increasing the risk of newbies getting scammed because it encourages lazy people to only verify the hash instead of the signature (even if the signature is also provided). Down the line we could see someone downloading a fake Electrum and only verifying its hash the scammer provided!

File hashes should ONLY be used for integrity validation NOT authenticity. Integrity validation is also not needed because it is leftover concept from the dial up model days when the  downloaded file could get corrupted.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
NotATether
Legendary
*
Offline Offline

Activity: 1778
Merit: 7354


Top Crypto Casino


View Profile WWW
April 27, 2021, 07:01:50 AM
 #46

Once installation is completed, and Kleopatra launches I recommend you create a private key.
Why would you recommend me to create a private key? Note that this can be very confusing for a newbie. Do I need a private key for the certification of Thomas' identity or is it just recommended after all?

You don't need a private key or to certify anything to verify stuff, the certify process is only to remove the bogus "This key is not trusted" warnings. Some suites may not even display it at all (GPGtools does insist on making a keypair though, I wonder if you can skip that part).

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
pooya87
Legendary
*
Offline Offline

Activity: 3626
Merit: 10994


Crypto Swap Exchange


View Profile
April 27, 2021, 07:26:12 AM
Merited by JayJuanGee (1), NotATether (1)
 #47

Once installation is completed, and Kleopatra launches I recommend you create a private key.
Why would you recommend me to create a private key? Note that this can be very confusing for a newbie. Do I need a private key for the certification of Thomas' identity or is it just recommended after all?

You don't need a private key or to certify anything to verify stuff, the certify process is only to remove the bogus "This key is not trusted" warnings. Some suites may not even display it at all (GPGtools does insist on making a keypair though, I wonder if you can skip that part).
They whole point of using PGP keys to sign stuff for others to verify them is to utilize the Web of Trust which is the correct way of using PGP too. That warning is mandatory (it is not bogus, and should not be hidden) since it is telling you that you have forgotten a very important step in verifying digital signatures which is to first import a trusted public key the correct way not just copy it from the internet without putting much thought into it.

By adding the public key of the signer and adding it to your trusted keys (you should have your own key here) you are confirming that you DO actually trust this public key.
Otherwise a malicious attacker can create a fake software, a fake public key and a valid signature with that fake public key. An unaware user downloading all 3 from the same place would see a valid signature but has a fake/malicious software.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
April 27, 2021, 12:29:23 PM
 #48

People getting lazy for any reason on verifying signatures, that's on them. If a hash is provided, verify hash for integrity. (some people still use dial up modems today or are on choppy intermittent satellite connections). If a GPG signature is provided, verify it too.

As to why?, aside from all the other reasons stated, why not? How else do you know if a particular public key is trusted if no one else signs it? Very few people actually trust my own public key (or more accurately, few signed it and uploaded the signed key to the keyserver) but I've tried to put it in more than one place.

DireWolfM14 (OP)
Copper Member
Legendary
*
Offline Offline

Activity: 2338
Merit: 4541


Join the world-leading crypto sportsbook NOW!


View Profile WWW
August 15, 2021, 09:39:19 PM
Merited by pooya87 (2), BlackHatCoiner (1)
 #49

Since the Electrum releases are now being signed by multiple builders I thought it was a good time to update the OP to mention that fact, and also add the following link:

Electrum Builders' Signing Keys: https://github.com/spesmilo/electrum/tree/master/pubkeys

  ▄▄███████▄███████▄▄▄
 █████████████
▀▀▀▀▀▀████▄▄
███████████████
       ▀▀███▄
███████████████
          ▀███
 █████████████
             ███
███████████▀▀               ███
███                         ███
███                         ███
 ███                       ███
  ███▄                   ▄███
   ▀███▄▄             ▄▄███▀
     ▀▀████▄▄▄▄▄▄▄▄▄████▀▀
         ▀▀▀███████▀▀▀
░░░████▄▄▄▄
░▄▄░
▄▄███████▄▀█████▄▄
██▄████▌▐█▌█████▄██
████▀▄▄▄▌███░▄▄▄▀████
██████▄▄▄█▄▄▄██████
█░███████░▐█▌░███████░█
▀▀██▀░██░▐█▌░██░▀██▀▀
▄▄▄░█▀░█░██░▐█▌░██░█░▀█░▄▄▄
██▀░░░░▀██░▐█▌░██▀░░░░▀██
▀██
█████▄███▀▀██▀▀███▄███████▀
▀███████████████████████▀
▀▀▀▀███████████▀▀▀▀
█████████████LEADING CRYPTO SPORTSBOOK & CASINO█████████████
MULTI
CURRENCY
1500+
CASINO GAMES
CRYPTO EXCLUSIVE
CLUBHOUSE
FAST & SECURE
PAYMENTS
.
..PLAY NOW!..
BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1694
Merit: 8318


Bitcoin is a royal fork


View Profile WWW
August 16, 2021, 07:23:59 AM
 #50


Wouldn't it be wiser to publish those keys on separate places? For example, they could also upload them onto Google Drive, Gitlab etc. It doesn't offer a greater security if in the same place Thomas' public key is, you put the others' too, because the compromiser could just generate seven keys more.

There might be a reason behind this I can't think of at the moment. Anyway, thanks for doing it.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
DireWolfM14 (OP)
Copper Member
Legendary
*
Offline Offline

Activity: 2338
Merit: 4541


Join the world-leading crypto sportsbook NOW!


View Profile WWW
August 16, 2021, 02:27:21 PM
Merited by BlackHatCoiner (1)
 #51


Wouldn't it be wiser to publish those keys on separate places? For example, they could also upload them onto Google Drive, Gitlab etc. It doesn't offer a greater security if in the same place Thomas' public key is, you put the others' too, because the compromiser could just generate seven keys more.

There might be a reason behind this I can't think of at the moment. Anyway, thanks for doing it.

I don't think it's a big deal that they're all in the same Git repository.  The odds of both the Electrum site and the Git repository getting hacked at the same time are extremely remote.  If one or the other gets hacked the binary signatures wouldn't verify. 

I do think it adds security to have a couple of sources from which one could download the keys, just in case one of those sources is hacked.  In the OP I included redundant sources for ThomasV's key.  If you're in the habit of storing other people's public keys yourself, this really only helps when you download someone's key for the first time.  It would allow you to confirm that the multiple sources provide the same key, which helps confirm the key's authenticity.  Once the key has been downloaded and a signature confirmed, you should store the key locally.  Again, this is based on the theory that it's unlikely for multiple sites to get hacked simultaneously.

  ▄▄███████▄███████▄▄▄
 █████████████
▀▀▀▀▀▀████▄▄
███████████████
       ▀▀███▄
███████████████
          ▀███
 █████████████
             ███
███████████▀▀               ███
███                         ███
███                         ███
 ███                       ███
  ███▄                   ▄███
   ▀███▄▄             ▄▄███▀
     ▀▀████▄▄▄▄▄▄▄▄▄████▀▀
         ▀▀▀███████▀▀▀
░░░████▄▄▄▄
░▄▄░
▄▄███████▄▀█████▄▄
██▄████▌▐█▌█████▄██
████▀▄▄▄▌███░▄▄▄▀████
██████▄▄▄█▄▄▄██████
█░███████░▐█▌░███████░█
▀▀██▀░██░▐█▌░██░▀██▀▀
▄▄▄░█▀░█░██░▐█▌░██░█░▀█░▄▄▄
██▀░░░░▀██░▐█▌░██▀░░░░▀██
▀██
█████▄███▀▀██▀▀███▄███████▀
▀███████████████████████▀
▀▀▀▀███████████▀▀▀▀
█████████████LEADING CRYPTO SPORTSBOOK & CASINO█████████████
MULTI
CURRENCY
1500+
CASINO GAMES
CRYPTO EXCLUSIVE
CLUBHOUSE
FAST & SECURE
PAYMENTS
.
..PLAY NOW!..
NotATether
Legendary
*
Offline Offline

Activity: 1778
Merit: 7354


Top Crypto Casino


View Profile WWW
August 16, 2021, 03:07:36 PM
 #52

Wouldn't it be wiser to publish those keys on separate places? For example, they could also upload them onto Google Drive, Gitlab etc. It doesn't offer a greater security if in the same place Thomas' public key is, you put the others' too, because the compromiser could just generate seven keys more.

Or just upload all the public keys on a public PGP server. There are several of them on the internet that sync with each other, and finding one having a working page that lets you upload keys isn't too hard. These keys can't get "hacked" in the traditional sense because most clients that download these keys have a list of mirrors to try.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
August 17, 2021, 01:27:48 PM
 #53

He should just post his key here and sticky it, have a few others quote it, then lock the thread. It's not perfect, as bitcointalk accounts can get hacked, but it will work as an additional source.

Maus0728
Legendary
*
Offline Offline

Activity: 2030
Merit: 1582


View Profile
August 28, 2021, 06:57:27 AM
 #54

I know this is a very dumb question but this is the first time I encountered this issue where I always need to rename the signature file similar to the name of the corresponding windows installer.

I've downloaded the signature file with a file name of:
Code:
electrum-4.1.5-setup.exe.developername.asc

Then I renamed the file to make the verification of the signature become possible using Kleopatra.
Code:
electrum-4.1.5-setup.exe

Am i doing this correctly? Because if I did not changed it there is an error that keeps popping out.
BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1694
Merit: 8318


Bitcoin is a royal fork


View Profile WWW
August 28, 2021, 07:18:54 AM
 #55

Am i doing this correctly? Because if I did not changed it there is an error that keeps popping out.

I had encountered this, too. It seems that Kleopatra has to somehow find the executable by the name of the .asc file. Anyway, it doesn't matter with the verification and yes, you did it properly. The names of those files aren't related at all. There must be a setting where you choose both the signature and the executable and not just the signature.

It has quite confusing UI if I remember correctly.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
nc50lc
Legendary
*
Online Online

Activity: 2590
Merit: 6310


Self-proclaimed Genius


View Profile
August 28, 2021, 10:31:05 AM
Merited by HCP (10), Coin-Keeper (10), pooya87 (6), LoyceV (6), Rath_ (4), ABCbits (3), JayJuanGee (2), Pmalek (2), DireWolfM14 (2), Husna QA (1), BlackHatCoiner (1)
 #56

-snip- There must be a setting where you choose both the signature and the executable and not just the signature.
Actually, there is.

Here's how to enable it:
  • Open Kleopatra's configuration - "Settings->Configure Kleopatra..."
  • Go to "Crypto Operations" and uncheck "Automatically start operation based on input detection for decrypt/verify"; then Apply/OK.
  • With that, every time you open an ".asc" file, you'll be prompted to select the file to verify using that signature file.

Image (after opening the signature):

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
HCP
Legendary
*
Offline Offline

Activity: 2086
Merit: 4361

<insert witty quote here>


View Profile
August 29, 2021, 09:57:10 PM
 #57

With that, every time you open an ".asc" file, you'll be prompted to select the file to verify using that signature file.
And just to clarify, because it may not be immediately obvious... after you double click the .asc file and get the dialog shown, You click the folder icon labelled #1 and select the .exe that you're trying to verify (that is the "signed data"). Then you click "Decrypt/Verify".


ps. that get's my vote for post of the year! Cheesy

█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
█░░░░░░█░░░░░░█
▀███▀░░▀███▀░░▀███▀
▀░▀░░░░▀░▀░░░░▀░▀
░░░░░░░░░░░░
▀██████████
░░░░░███░░░░
░░█░░░███▄█░░░
░░██▌░░███░▀░░██▌
░█░██░░███░░░█░██
░█▀▀▀█▌░███░░█▀▀▀█▌
▄█▄░░░██▄███▄█▄░░▄██▄
▄███▄
░░░░▀██▄▀


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 761
Merit: 606



View Profile
August 30, 2021, 09:59:22 PM
 #58

-snip- There must be a setting where you choose both the signature and the executable and not just the signature.
Actually, there is.

Here's how to enable it:
  • Open Kleopatra's configuration - "Settings->Configure Kleopatra..."
  • Go to "Crypto Operations" and uncheck "Automatically start operation based on input detection for decrypt/verify"; then Apply/OK.
  • With that, every time you open an ".asc" file, you'll be prompted to select the file to verify using that signature file.

Image (after opening the signature):


Fantastic post and find!!!!!  Works perfectly for me after 6 test runs with different stuff.  Also, the asc file name is not important at all because kleopatra will match the signing key to the actual file you are trying to verify as noted a post or two above this one.

I simply name the signature file as sig.asc on my Desktop.  I like keeping things simple.  This is so easy I may stop using command lines in a terminal for this process.

GREAT find and post worth merits!!!!!!

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
saraariel
Newbie
*
Offline Offline

Activity: 26
Merit: 1


View Profile
September 06, 2021, 08:04:20 PM
 #59

The guide has instructions for three operating systems, you only need to follow the instruction for your OS.  I do recommend you complete all the steps, as it makes abundantly clear that you have the authentic version and not malware.  There are three steps to complete,

Here're links to the instructions for windows:

Install:
https://bitcointalk.org/index.php?topic=5240594.msg54467820;topicseen#post_WinInstall
Import.ThomasV's.Key:
https://bitcointalk.org/index.php?topic=5240594.msg54467820;topicseen#post_WinImport
Verify:
https://bitcointalk.org/index.php?topic=5240594.msg54467820;topicseen#post_WinVerify

"In Kleaopatra, click on the "Decrypt/Verify" button, and browse to the location of the .exe and .asc files you saved.  Select the .asc file, and click "Open.""

When I do that, it says An error occurred, could not open file: input/output error. I did all the steps, but here is where it stops.
DireWolfM14 (OP)
Copper Member
Legendary
*
Offline Offline

Activity: 2338
Merit: 4541


Join the world-leading crypto sportsbook NOW!


View Profile WWW
September 06, 2021, 08:11:45 PM
Merited by pooya87 (2)
 #60

~

The Electrum development group has started issuing signatures from multiple developers, so now the signature files have different names than the executable file.  That's what's causing your problem.  I'm sorry I haven't had time to update the OP with the new instructions yet, but look at post number 57 of this thread.  nc50lc shows how to configure Kleopatra so it'll prompt you to select the .exe file separately.  Once configured properly, and you double-click an .asc file, Kleopatra will open a dialogue  box.  There under the field marked "Signed Data" brows to and select the electrum .exe file.

  ▄▄███████▄███████▄▄▄
 █████████████
▀▀▀▀▀▀████▄▄
███████████████
       ▀▀███▄
███████████████
          ▀███
 █████████████
             ███
███████████▀▀               ███
███                         ███
███                         ███
 ███                       ███
  ███▄                   ▄███
   ▀███▄▄             ▄▄███▀
     ▀▀████▄▄▄▄▄▄▄▄▄████▀▀
         ▀▀▀███████▀▀▀
░░░████▄▄▄▄
░▄▄░
▄▄███████▄▀█████▄▄
██▄████▌▐█▌█████▄██
████▀▄▄▄▌███░▄▄▄▀████
██████▄▄▄█▄▄▄██████
█░███████░▐█▌░███████░█
▀▀██▀░██░▐█▌░██░▀██▀▀
▄▄▄░█▀░█░██░▐█▌░██░█░▀█░▄▄▄
██▀░░░░▀██░▐█▌░██▀░░░░▀██
▀██
█████▄███▀▀██▀▀███▄███████▀
▀███████████████████████▀
▀▀▀▀███████████▀▀▀▀
█████████████LEADING CRYPTO SPORTSBOOK & CASINO█████████████
MULTI
CURRENCY
1500+
CASINO GAMES
CRYPTO EXCLUSIVE
CLUBHOUSE
FAST & SECURE
PAYMENTS
.
..PLAY NOW!..
Pages: « 1 2 [3] 4 5 6 7 8 9 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!