Bitcoin Forum
November 10, 2024, 12:47:58 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Problem verifying electrum  (Read 111 times)
highfarmer (OP)
Jr. Member
*
Offline Offline

Activity: 30
Merit: 5


View Profile
March 20, 2021, 12:07:48 AM
 #1

I am on mac and I am trying to verifying Electrum, but without any success unfortunately.

I have downloaded and installed the gpg suite. I have added Thomas Voegtlin to the "collection" and I have also been downloaded the .dmg (program itself) and the .asc-file (the code from the site).

First I opened the .asc-file and a messages comes up withing the gpg-program stating that "the signature does not match this message. You should not trust this message, because it was manipulated..."

When I then right click on the .dmd-file and choose "services" > "OpenPGP: Verify Signature of File" it just says "no signatures found".

What am I doing wrong here? 
nc50lc
Legendary
*
Offline Offline

Activity: 2590
Merit: 6366


Self-proclaimed Genius


View Profile
March 20, 2021, 03:21:20 AM
 #2

Where did you downloaded electrum?

The name of asc file should be the same as the dmg file including the extension except it has ".asc" as 'the' extension.
Example: the files should be named as electrum-4.0.9.dmg and electrum-4.0.9.dmg.asc, and should be in the same directory/folder.

Anyways, you can review this Guide by DireWolfM14:

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Maus0728
Legendary
*
Offline Offline

Activity: 2030
Merit: 1582


View Profile
March 20, 2021, 05:07:47 AM
 #3

When I then right click on the .dmd-file and choose "services" > "OpenPGP: Verify Signature of File" it just says "no signatures found".
I think you forgot to import the developer's PGP public key that can be found on the [1] https://electrum.org/#download. Without it, you cannot verify the signature of your electrum.

[1] https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc

Alternatively, you can also follow the guide for MAC.

[2] https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-mac/


ranochigo
Legendary
*
Offline Offline

Activity: 3038
Merit: 4420


Crypto Swap Exchange


View Profile
March 20, 2021, 05:17:28 AM
 #4

I think you forgot to import the developer's PGP public key that can be found on the [1] https://electrum.org/#download. Without it, you cannot verify the signature of your electrum.

[1] https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc
The signature isn't verified, OP has imported the public key before. It should still show the RSA key without knowledge of the PGP key, instead of a signature mismatch.

As said, changing the file extension to something other than .asc can make it unusable for validation. Make sure that the file name of your .asc matches your .dmg as well.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
highfarmer (OP)
Jr. Member
*
Offline Offline

Activity: 30
Merit: 5


View Profile
March 20, 2021, 03:46:18 PM
Merited by nc50lc (1)
 #5

Thank you for the answers!

It seemed that the name of the electrum itself and the asc-file was not the same since I had downloaded a couple of dubplates and since them the name was slightly change. But when I renamed them to the name "electrum-4.0.9.dmg" and "electrum-4.0.9.dmg.asc" and right-click on the dmd itself and "services" > "OpenPGP: Verify Signature of File" it says the following:

Thomas Voegtlin <thomasv@electrum.org>
6694 D8DE 8BE8 EE56 31BE D950 2BD5 824B 7F94 70E6

The signature of this message is valid but utrusted. That means it has not been tampered with. It is untrusted though, because the key has not yet been verified.


So, is this enough? Should I do something more before I can fully trust this is a legit version?
ranochigo
Legendary
*
Offline Offline

Activity: 3038
Merit: 4420


Crypto Swap Exchange


View Profile
March 20, 2021, 03:51:02 PM
Merited by nc50lc (1)
 #6

The signature of this message is valid but utrusted. That means it has not been tampered with. It is untrusted though, because the key has not yet been verified.
Yeah, you'll have to certify it somehow. Not a problem though.
So, is this enough? Should I do something more before I can fully trust this is a legit version?
Unless the PGP key has been compromised, which is quite unlikely, you can trust that this was signed by ThomasV. The fingerprint that I've imported matches yours, 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6. If you trust that the public key is accurate, then you've downloaded the legit version.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
nc50lc
Legendary
*
Offline Offline

Activity: 2590
Merit: 6366


Self-proclaimed Genius


View Profile
March 21, 2021, 03:29:20 AM
 #7

The signature of this message is valid but utrusted. That means it has not been tampered with. It is untrusted though, because the key has not yet been verified.
You must have set the "trust level" or "owner trust" to a lower value or default, it needs a higher trust level to remove that warning.
The info on how to set it is in the second link to DireWolfM14's post I've provided in my previous post (the last step for "Import on Mac OS").

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!