Step 1: Install GPG
Download GPG for Windows:
- Go to Gpg4win official website.
- Download the latest version of Gpg4win.
Install Gpg4win:
- Run the installer (
gpg4win-x.x.x.exe).
- Follow the installation instructions. You can choose the default options.
Step 2: Download and Import Public Keys
Get the Public Key:
- Download the key files in the same folder:
ThomasV 
SomberNight 
Emzy Import the Public Keys into Gpg4win:
via Kleopatra:
- Open Kleopatra.
- Click Menu → Import to import public keys. You should import all the keys.
3. After importing, Right-Mouse-Button on certificate profile → Certify. You should see:
- Set up your own profile. You can just use the default values.
Step 3. Verifying GPG Signatures
- Click to Menu → Decrypt/Verify.
- Select the Electrum file. Kleopatra will check the signature.
Then you’ll see:
via CMD
- Open the Command Prompt (
cmd). - Run the following command to import the key:
gpg --import <path-to-public-key-file>
Replace <path-to-public-key-file> with the actual path to the key file. For example:
gpg --import C:\Users\YourName\Downloads\electrum-4.5.5.exe.asc
- Make sure the Electrum file (e.g.,
electrum-4.5.5.exe) and the signature file (e.g.,electrum-4.5.5.exe.asc) are in the same directory. - Run the following command to verify:
gpg --verify <signature-file> <signed-file>
Replace <signature-file> and <signed-file> with the actual filenames. For example:
gpg --verify C:\Users\YourName\Downloads\electrum-4.5.5.exe C:\Users\YourName\Downloads\electrum-4.5.5.exe.asc
- You may see this warning:
WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
This warning is normal and doesn’t indicate a problem. It appears because you haven’t established a chain of trust with other GPG users who have verified Thomas Voegtlin’s key.