Leading Bitcoin Wallet

Verify Electrum GPG Signature

Users can confirm the authenticity of Electrum’s binaries and source code using GPG signatures.

Always download Electrum from the official website (electrum.is). Remember to check the GPG signature each time you download a new version to maintain security.

Get ThomasV’s Public GPG Key

To verify Electrum’s signature, you first need to obtain the developer’s public key. Follow these steps:

  1. Open a terminal on your Linux system.
  2. Enter or copy-paste this command:
gpg --keyserver keys.gnupg.net --recv-keys 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6

This command fetches ThomasV’s public key from the keys.gnupg.net server.

Download Electrum and Its Signature File

To verify Electrum’s authenticity, you need both the software and its corresponding signature file. Follow these steps:

  1. Go to the official Electrum website.
  2. Find the version you want to install. You have two options:
    • Python package: Electrum-<version>.tar.gz
    • AppImage file
  3. Download your chosen Electrum file.
  4. Locate the signature file (it has a .asc extension) for the version you downloaded.
  5. Right-click on the signature file and select “Save As” or “Save Page As” to download it.
  6. Make sure both the Electrum file and its matching .asc signature file are in the same folder on your computer.

Verify Electrum GPG Signature

After downloading Electrum and its signature file, follow these steps to verify the signature:

  1. Open a terminal and navigate to the directory containing the downloaded files.
  2. Run this command, replacing <electrum file> with the name of the file you downloaded:
gpg --verify <electrum file>.asc <electrum file>
  1. Check the output. You should see two important messages:
    • a) A confirmation of a good signature:
Good signature from "Thomas Voegtlin (https://electrum.is) <[email protected]>" 
  1. b) The correct key fingerprint:
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
  1. You may see this warning:
WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

This warning is normal and doesn’t indicate a problem. It appears because you haven’t established a chain of trust with other GPG users who have verified Thomas Voegtlin’s key.

Table of Contents