Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Electrum
Merits 2 from 2 users
Re: [GUIDE] How to Safely Download and Verify Electrum [Guide]
by
DireWolfM14
on 04/05/2022, 22:07:27 UTC
⭐ Merited by RickDeckard (1) ,JayJuanGee (1)
Quote from: NeoArkan on Today at 09:36:42 PM
Hello,

Thanks for this interesting post.

I am considering verify Electrum with your method. I have read carefully your tutorial but I still need to start the process.

I am a Mac user and I had several questions :
-I have already downloaded Electrum (from the original website : electrum.org) --> Do I have to uninstall Electrum and install it again after installing GPG, generate private key (I am not sure to understand the reason of the private key either) and Imprt ThomasV's PGP Key on MacOS ? Or I can verify Electrum while it's already on my MacOS ?
-For info, I am using the Electrum version 4.2.1[/quote/]

The version of Electrum isn't important, the method I described works for v4.2.1 and should work for future releases as well.  You don't need to uninstall Electrum to verify the .dmg file.  You just need to download the .asc signature file associated with the .dmg file, and run the verification method.  If it passes then you know the software you've already installed is authentic.  If it doesn't pass verification, then you should definitely purge the installation.  Personally, I would purge the entire system, but I'm paranoid.


Quote from: NeoArkan on Today at 09:36:42 PM
I had another question concerning :

"Import ThomasV's PGP Key on Mac OS
Download ThomasV's PGP Key from a trusted source.  If it's not already running, launch the GPG Keychain app, and click the import button.  Browse to the location where you saved the ThomasV.asc file, and select it."

Are these links are the trusted source for ThomasV's PGP key (in the beginning of your tutorial) :

"Redundant links to ThomasV's public key:
https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc
https://keys.openpgp.org/search?q=6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6694d8de7be8ee5631bed9502bd5824b7f9470e6"

If yes. I have opened the first link and there is indeed a long public key BUT I have no idea how to download it in .asc format. (sorry I'm new in bitcoin AND also in MacOs). Can you explain ?

From first you, it's the only steps that are unclear for the moment.

Thanks for your help.


Yes, those are trusted sources for ThomasV's key.  The easiest way to save the key is by copying the text from that first link, and pasting it into your favorite text editor.  You can then save it on your system with the name that you choose.  The name of the file isn't important, but remember where you saved it so that you can browse back to that location while importing into your GPG app.