I am having trouble verifying the signatures for Electron Cash using GPG4Win or rather Kleopatra. I have followed the same steps/procedure to verify Electrum but for some reason, following those exact same steps doesn’t seem to work for Electron Cash. Can someone please help me out?
Thank you so much for the reply. I have followed the steps and still can’t get it working. I don’t understand, I have verified an Electrum wallet using the same steps but when following these steps for Electron Cash, I can’t get Kleopatra to verify the signature.
Here are the steps that I followed:
I already have GPG4Win/Kleopatra downloaded and I have my signature inside Kleopatra.
“Download a public key from GitHub and import it into gpg keychain,” So I right-clicked on “GitHub” and then “Save-Link-As” and then saved the text file “jonaldkey2.txt”.
Now here is where I get lost. First off, I have changed the text file from “jonaldkey2.txt” to “jonaldkey2.asc” but when I try to import either the “jonaldkey2.txt” or the “jonaldkey2.asc” file into Kleopatra, it doesn’t work ie. it will not import either the .txt file or the .asc file. So this is where I am getting stuck. Also, I downloaded version 4.2.7 from “sigs-and-sums” at the stop of the “https://github.com/Electron-Cash/keys-n-hashes#3-verify-author-signature-of-executable-file-optional-step” page and when I download it, it saves it as “Electron-Cash-4.2.7-setup.exe.asc” and not “Electron-Cash-4.2.7-setup.exe.asc.txt” like you alluded to.
I have followed the steps and it still isn’t verifying the signature. Please help.
Hi John,
which version of Gpg4win do you use?
(when in doubt, please use the newest version, you can just download it (again)).
What does Kleopatra say when you try to import the public key?
(Best ist to type the message in here.) If it says that 0 keys were imported,
this is often the place if the public key is already there and does not need to
be reimported.
If you then check the signature with Kleopatra, what does not work?
Could you additionally try to do it on the command line, this would help analying what your problem may be. (The command line often gives more diagnostic output.)
I was able to import and then certify (with MY signature file in Kleopatra) the “jonaldkey2.txt” signature file with Kleopatra. So the “jonaldkey2.txt” signature file is now imported and certified in Kleopatra.
To answer your question, “If you then check the signature with Kleopatra, what does not work?”
When I try to verify the ‘Electron-Cash-4.2.7-setup.exe.asc’ file with the “jonaldkey2.txt” signature file in Kleopatra, nothing comes up.
When I did this same process with Electrum, the signature file was verified with the .exe.asc file and everything worked.
Ok I tried to decrypt/verify the “Electron-Cash-4.2.7-setup.exe.asc” file that you alluded to in one of your previous replies along with the “Electron-Cash-4.2.7.exe.asc” file as well and I get this message: “Electron-Cash-4.2.7-setup.exe.asc’ contains certificates and can’t be decrypted or verified.” What am I doing wrong here?
Can you please please please kindly copy & paste the exact .exe. and .asc files that you are referring to so that I know for sure that I have the correct files?
Renamed Electron-Cash-4.2.7-setup.exe.asc.txt to Electron-Cash-4.2.7-setup.exe.asc
then I’ve started command.cmd, changed in the directory
cd Downloads
and run
gpg -v --verify Electron-Cash-4.2.7-setup.exe.asc
do
dir
to see how the files are named in there.
which gave the expected answer.
Also opened File → Decrypt/verify in Kleopatra, selected Electron-Cash-4.2.7-setup.exe.asc
and it was fine.
Note that with some versions of windows, you cannot see the full suffixes (or file name extensions). With in the file explorer you can make sure you see everything, e.g. use the menu “View” and then click the checkbox for file extensions.
please open the file that you have downloaded with an editor (like notepad on windows)
you will then see what is inside and if there is any stuff that may obstruct it (like HTML).
If you cannot see the raw button, maybe that is a problem with your webbrowser.
I guess that you may have accidentially downloaded files with markup inside and those are files that GnuPG (the crypto engine of Kleopatra) cannot process.
I got it working now. Thanks for all your help & patience, it is GREATLY appreciated.
So the ‘Raw Button’ essentially strips any HTML functions or any extra functions associated with a file and just makes the file a .txt/.asc file?
The instructions on the Electron Cash website are outdated and even misleading to a point and need to be updated. Someone who knows very little about verifying signatures, etc. would have a hard time completing the steps on the website unless they had some experience doing so.
You were such a big help and I greatly appreciate you helping me solve this riddle.