Marcelo Martins

Marcelo Martins

Cybersecurity specialist. Hacking, teaching, breaking stuff.

Verifying digital signatures: Electrum

1 minute read

Bitcoin and Decred aren’t archenemies. It is very much likely that, at some point, you will exchange resources using this two networks, or will keep balance in both of them for some time.

Electrum is one of most used wallets for Bitcoin. But before installing any software we should always verify its digital signature, if available. To learn more, read Verifying digital signatures.

Mac

a) Go to https://electrum.org/#download

b) Download to the same directory the files available in two links: Executable for OS X and signature.

c) In case the key hasn’t already been imported (error: ‘gpg: Can’t check signature: No public key’): import the developer’s public key (GPG will try to connect to the Internet using port TCP/11371):

$ gpg --keyserver pgp.mit.edu --recv-keys 0x7F9470E6

d) Make sure the correct key was imported:

gpg: key 2BD5824B7F9470E6: "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" 57 new signatures

e) Verify the digital signature:

$ gpg --verify electrum-$VERSION.dmg.asc

f) Look in the gpg output for:

gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]

g) Mount the image and move Electrum to the Applications folder.

Linux

a) Go to https://electrum.org/#download

b) Download to the same directory the files available in two links: Electrum-$VERSION.tar.gz and signature

c) In case the key hasn’t already been imported (error: ‘gpg: Can’t check signature: No public key’): import the developer’s public key (GPG will try to connect to the Internet using port TCP/11371):

$ gpg --keyserver pgp.mit.edu --recv-keys 0x7F9470E6

d) Make sure the correct key was imported:

gpg: key 2BD5824B7F9470E6: "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" 57 new signatures

e) Verify the digital signature:

$ gpg --verify electrum-$VERSION.tar.gz.asc

f) Look in the gpg output for:

gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]

g) Install using pip3:

$ sudo pip3 install Electrum-$VERSION.tar.gz

Windows

a) Go to https://electrum.org/#download

b) Download to the same directory the files available in two links: Standalone Executable and signature

c) In case the key hasn’t already been imported (error: ‘gpg: Can’t check signature: No public key’): import the developer’s public key (GPG will try to connect to the Internet using port TCP/11371):

> gpg --keyserver pgp.mit.edu --recv-keys 0x7F9470E6

d) Make sure the correct key was imported:

gpg: key 2BD5824B7F9470E6: "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" 57 new signatures

e) Verify the digital signature:

> gpg--verify electrum-$VERSION.exe.asc

f) Look in the gpg output for:

gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]

g) Install by running the executable.