Electrum Install on Linux Ubuntu

[Jerboa_81]

Hello Everyone.

I would like to install Electrum on my Ubuntu Linux.

For this, I did Two way tar.gz and Appimage...

I downloaded and import the signature of ThomasV
wget https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc
gpg --import ThomasV.asc

gpg: répertoire « /home/jerboa/.gnupg » créé
gpg: le trousseau local « /home/jerboa/.gnupg/pubring.kbx » a été créé
gpg: /home/jerboa/.gnupg/trustdb.gpg : base de confiance créée
gpg: clef 2BD5824B7F9470E6 : clef publique « Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org> » importée
gpg: Quantité totale traitée : 1
gpg:               importées : 1


well



with the tar.gz:

I installed the dependencies
sudo apt-get install python3-pyqt5 libsecp256k1-0 python3-cryptography

I downloaded the tar.gz
wget https://download.electrum.org/4.1.2/Electrum-4.1.2.tar.gz

I downloaded the signature and verified:
wget https://download.electrum.org/4.1.2/Electrum-4.1.2.tar.gz.asc
gpg --verify Electrum-4.1.2.tar.gz.asc

gpg: les données signées sont supposées être dans « Electrum-4.1.2.tar.gz »
gpg: Signature faite le jeu 08 avr 2021 15:47:30 CEST
gpg:                avec la clef RSA 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Bonne signature de « Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org> » [inconnu]
gpg:                 alias « ThomasV <thomasv1@gmx.de> » [inconnu]
gpg:                 alias « Thomas Voegtlin <thomasv1@gmx.de> » [inconnu]
gpg: Attention : cette clef n'est pas certifiée avec une signature de confiance.
gpg:          Rien n'indique que la signature appartient à son propriétaire.
Empreinte de clef principale : 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6


which means: "Attention: this key is not certified with trust signature"




with AppImage

with the Appimage package, the problem is the same:

gpg --verify ./electrum-4.1.2-x86_64.AppImage.asc

gpg: les données signées sont supposées être dans « ./electrum-4.1.2-x86_64.AppImage »
gpg: Signature faite le jeu 08 avr 2021 15:47:31 CEST
gpg:                avec la clef RSA 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Bonne signature de « Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org> » [inconnu]
gpg:                 alias « ThomasV <thomasv1@gmx.de> » [inconnu]
gpg:                 alias « Thomas Voegtlin <thomasv1@gmx.de> » [inconnu]
gpg: Attention : cette clef n'est pas certifiée avec une signature de confiance.
gpg:          Rien n'indique que la signature appartient à son propriétaire.
Empreinte de clef principale : 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6


which means: "Attention: this key is not certified with trust signature"


Does the both software I downloded are corrupted?
Can someone help me?

Thanks in advance.

[BitMaxz]

You are verifying the signature?

It seems it's the right result for verifying the Electrum signature.

Read this https://electrum.readthedocs.io/en/latest/gpg-check.html

According to the link, you can ignore these below

Code:

WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

As long as the result after you use "gpg --verify Electrum-4.1.2.tar. gz.asc" and the result is "Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>"

It's a good signature and the original Electrum.

[khaled0111]

gpg:          Rien n'indique que la signature appartient à son propriétaire.
Empreinte de clef principale : 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6

That's ThomasV's (Electrum developer) puplic key fingerprint indeed. So you are good and you can safely ignore that warning message.

You can add that public key to your keyring and sign it with your private key to confirm it really belongs to ThomasV and avoid that warning message in the future.

[DireWolfM14]

which means: "Attention: this key is not certified with trust signature"

It appears you have the right files because they are signed by the correct key (6694D8DE7BE8EE5631BED9502BD5824B7F9470E6,) but you have not certified ThomasV's key.  Certifying the key essentially tells gnupg that you trust the key and the owner.

To sign ThomasV's use the following code:

Code:

gpg --sign-key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6

Or:

Code:

gpg --lsign-key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6

[Jerboa_81]

OK, Thank you.

[HCP]

Code:

gpg: Bonne signature de « Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org> » [inconnu]
gpg:                 alias « ThomasV <thomasv1@gmx.de> » [inconnu]
gpg:                 alias « Thomas Voegtlin <thomasv1@gmx.de> » [inconnu]

This is the important part... it is indicating that you have a "Bonne" signature... If you had seen a message about a "Bad" signature, then you should be concerned... because it meant the signature in the downloaded file did not match with ThomasV's signature!


The warning you see simply means that you have not personally trusted ThomasV's signature yet... but that's not actually required to be able to confirm the actual signature as "Bonne" or "Bad"

[Husna QA]

-snip-
which means: "Attention: this key is not certified with trust signature"

Does the both software I downloded are corrupted?
Can someone help me?

If the primary key fingerprint that appears matches ThomasV's fingerprint and the Electrum file with its signature matches ("Good signature ..." / "Bonne signature ..."), then the file is original.

You can ignore this:

Code:

WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

as it simply means you have not established a web of trust with other GPG users

However, if the Electrum installer file and its signature do not match the ThomasV public key, it will appear like the following example. It is advisable not to use the installer file.