Hi,
I am having trouble verifying the signatures for Electron Cash using GPG4Win or rather Kleopatra. I have followed the same steps/procedure to verify Electrum but for some reason, following those exact same steps doesn’t seem to work for Electron Cash. Can someone please help me out?
Kind regards,
John
Hi John,
assuming that you are following
https://github.com/Electron-Cash/keys-n-hashes#3-verify-author-signature-of-executable-file-optional-step
what is it in particular that does not work for you?
Regards
Bernhard
Just tried it using the instructions and it worked for me in principle.
The only different to the instructions at https://github.com/Electron-Cash/keys-n-hashes#3-verify-author-signature-of-executable-file-optional-step was that I had to rename the signature file, so that GnuPG could guess the original file correctly. Somehow my webbrowser saved the signature file as Electron-Cash-4.2.7-setup.exe.asc.txt.
After renaming it to
Electron-Cash-4.2.7-setup.exe.asc
gpg --verify Electron-Cash-4.2.7-setup.exe.asc
worked as expected.
Hope this helps 
Bernhard
Hi,
Thank you so much for the reply. I have followed the steps and still can’t get it working. I don’t understand, I have verified an Electrum wallet using the same steps but when following these steps for Electron Cash, I can’t get Kleopatra to verify the signature.
Here are the steps that I followed:
I already have GPG4Win/Kleopatra downloaded and I have my signature inside Kleopatra.
“Download a public key from GitHub and import it into gpg keychain,” So I right-clicked on “GitHub” and then “Save-Link-As” and then saved the text file “jonaldkey2.txt”.
Now here is where I get lost. First off, I have changed the text file from “jonaldkey2.txt” to “jonaldkey2.asc” but when I try to import either the “jonaldkey2.txt” or the “jonaldkey2.asc” file into Kleopatra, it doesn’t work ie. it will not import either the .txt file or the .asc file. So this is where I am getting stuck. Also, I downloaded version 4.2.7 from “sigs-and-sums” at the stop of the “https://github.com/Electron-Cash/keys-n-hashes#3-verify-author-signature-of-executable-file-optional-step” page and when I download it, it saves it as “Electron-Cash-4.2.7-setup.exe.asc” and not “Electron-Cash-4.2.7-setup.exe.asc.txt” like you alluded to.
I have followed the steps and it still isn’t verifying the signature. Please help.
Kind regards,
John
Hi John,
which version of Gpg4win do you use?
(when in doubt, please use the newest version, you can just download it (again)).
What does Kleopatra say when you try to import the public key?
(Best ist to type the message in here.) If it says that 0 keys were imported,
this is often the place if the public key is already there and does not need to
be reimported.
If you then check the signature with Kleopatra, what does not work?
Could you additionally try to do it on the command line, this would help analying what your problem may be. (The command line often gives more diagnostic output.)
Regards,
Bernhard
Hi,
I was able to import and then certify (with MY signature file in Kleopatra) the “jonaldkey2.txt” signature file with Kleopatra. So the “jonaldkey2.txt” signature file is now imported and certified in Kleopatra.
To answer your question, “If you then check the signature with Kleopatra, what does not work?”
When I try to verify the ‘Electron-Cash-4.2.7-setup.exe.asc’ file with the “jonaldkey2.txt” signature file in Kleopatra, nothing comes up.
When I did this same process with Electrum, the signature file was verified with the .exe.asc file and everything worked.
Thanks,
John
Hi John,
if nothing comes up with Kleopatra, can you try on the command line?
Best,
Bernhard
To add:
For me it works in Kleopatra:
Hi,
Ok I tried to decrypt/verify the “Electron-Cash-4.2.7-setup.exe.asc” file that you alluded to in one of your previous replies along with the “Electron-Cash-4.2.7.exe.asc” file as well and I get this message: “Electron-Cash-4.2.7-setup.exe.asc’ contains certificates and can’t be decrypted or verified.” What am I doing wrong here?
I also have the jonf@electroncash.org signature certified in Kleopatra as well.
Can you please please please kindly copy & paste the exact .exe. and .asc files that you are referring to so that I know for sure that I have the correct files?
Kind regards,
John
Hi John,
these are the two files I’ve downloaded and saved in the same folder “Downloads”:
https://electroncash.org/downloads/4.2.7/win-linux/Electron-Cash-4.2.7-setup.exe
https://raw.githubusercontent.com/Electron-Cash/keys-n-hashes/master/sigs-and-sums/4.2.7/win-linux/Electron-Cash-4.2.7-setup.exe.asc
Renamed Electron-Cash-4.2.7-setup.exe.asc.txt to Electron-Cash-4.2.7-setup.exe.asc
then I’ve started command.cmd, changed in the directory
cd Downloads
and run
gpg -v --verify Electron-Cash-4.2.7-setup.exe.asc
do
dir
to see how the files are named in there.
which gave the expected answer.
Also opened File → Decrypt/verify in Kleopatra, selected Electron-Cash-4.2.7-setup.exe.asc
and it was fine.
Note that with some versions of windows, you cannot see the full suffixes (or file name extensions). With in the file explorer you can make sure you see everything, e.g. use the menu “View” and then click the checkbox for file extensions.
Regards,
Bernhard
Hi,
The “https://raw.githubusercontent.com/Electron-Cash/keys-n-hashes/master/sigs-and-sums/4.2.7/win-linux/Electron-Cash-4.2.7-setup.exe.asc” link that you posted works when I decrypt/verify it. So why doesn’t the “Electron-Cash-4.2.7-setup.exe.asc” file from the “https://github.com/Electron-Cash/keys-n-hashes/tree/master/sigs-and-sums/4.2.7/win-linux” link work when I try to decrypt/verify it?
Where did you find this link “https://raw.githubusercontent.com/Electron-Cash/keys-n-hashes/master/sigs-and-sums/4.2.7/win-linux/Electron-Cash-4.2.7-setup.exe.asc” on Github? There is no ‘raw’ anywhere in the links at Github.
I also noticed that when I ‘Right-Click’ on the link you provided “https://raw.githubusercontent.com/Electron-Cash/keys-n-hashes/master/sigs-and-sums/4.2.7/win-linux/Electron-Cash-4.2.7-setup.exe.asc” and then click on ‘Save-Link-As’, it shows the ‘Save As Type’ as a ‘Text Document (.asc)'. And when I ‘Right-Click’ on the “Electron-Cash-4.2.7-setup.exe.asc” file from the “https://github.com/Electron-Cash/keys-n-hashes/tree/master/sigs-and-sums/4.2.7/win-linux” link and then click on ‘Save-Link-As’, it shows the ‘Save As Type’ as a 'Firefox HTML Document (.asc)’. I think this could be the problem with as to why the “Electron-Cash-4.2.7-setup.exe.asc” file is not working when I try to decrypt/verify it with Kleopatra. Could this be the case?
Kind regards,
John
Hi John,
please open the file that you have downloaded with an editor (like notepad on windows)
you will then see what is inside and if there is any stuff that may obstruct it (like HTML).
I’ve found https://raw.githubusercontent.com/Electron-Cash/keys-n-hashes/master/sigs-and-sums/4.2.7/win-linux/Electron-Cash-4.2.7-setup.exe.asc by
a) going through
https://github.com/Electron-Cash/keys-n-hashes/tree/master/sigs-and-sums/4.2.7/win-linux
b) and then clicking on file and then clicking on the raw button leading to
https://github.com/Electron-Cash/keys-n-hashes/blob/master/sigs-and-sums/4.2.7/win-linux/Electron-Cash-4.2.7-setup.exe.asc
If you cannot see the raw button, maybe that is a problem with your webbrowser.
I guess that you may have accidentially downloaded files with markup inside and those are files that GnuPG (the crypto engine of Kleopatra) cannot process.
Regards,
Bernhard
Hi Bernhard,
I got it working now. Thanks for all your help & patience, it is GREATLY appreciated.
So the ‘Raw Button’ essentially strips any HTML functions or any extra functions associated with a file and just makes the file a .txt/.asc file?
The instructions on the Electron Cash website are outdated and even misleading to a point and need to be updated. Someone who knows very little about verifying signatures, etc. would have a hard time completing the steps on the website unless they had some experience doing so.
You were such a big help and I greatly appreciate you helping me solve this riddle.
Kind regards,
John
Hi John,
good to know that is is working you now!
Maybe you can suggest an improvement to https://github.com/Electron-Cash/keys-n-hashes .
It is hard to anticipate missing info when you write instructions, so I’m sure they appreciate friendly feedback
Best,
Bernhard