Bitzuma

How to Verify an Electrum Download on Windows

By Rich Apodaca | Updated

Electrum is one of Bitcoin’s oldest and best-known wallets. Users running this software are trusting their private keys to it. To reduce the risk of running malware, users can verify the authenticity of Electrum downloads before using them. This tutorial describes how to do so on Windows. A procedure for verifying Electrum on OSX is also available.

The Threat of Malware

Any piece of software that handles your private keys can steal them or sign transactions you never authorized. This makes Bitcoin wallets especially profitable targets for malware authors. They begin by tweaking some of the open source code. Then they distribute the result, which looks identical to the authentic version. When the unwitting user enters the private key or seed, the wallet steals the funds. The loss is irreversible and can be life-changing.

This is far from a theoretical attack. For example, in 2017 a Reddit user reported that a phishing site was deploying malware through a forged copy of Electrum, resulting in the loss of five bitcoin. The phishing site was followed as the first advertising link from a Google search.

Public Key Cryptography to the Rescue

Many Bitcoin users are familiar with the idea of digital signatures. The same idea can be applied to software downloads. The developer signs a download with a private key. Users verify the download using the developer’s public key. A forged file that changes a single bit can be detected with this system, as can a developer who attempts to apply an invalid signature. The standard method for signing binaries is known as Pretty Good Privacy (PGP). Implementations are available for all operating systems.

Download and Install Gpg4win

A popular PGP implementation on Windows is Gpg4win. Begin by downloading the installer from the main page.

We are immediately faced with a dilemma: how do we know that our copy of Gpg4win is authentic? We can’t verify a signature because if we could do that we wouldn’t need Gpg4win.

Fortunately, we can verify the installer’s hash value. Think of a hash value as an immutable, unique identifier that can be assigned to any file.

Hash values for files can be computed on Windows using the CertUtil utility, which is run from the Command Prompt application. Command Prompt is an application in which text-based commands can be issued. To access Command Prompt, type “Command Prompt” into the Windows taskbar search and click the first option. You’ll see a mostly empty window with a flashing cursor after a prompt (“>”). Commands are entered, in text form, after this prompt.

Command Prompt

From Command Prompt, enter the following command:

CertUtil -hashfile Downloads\{filename}

where {filename} is the name of the Gpg4win installer you downloaded.

For example, in November 2017, I downloaded a file named gpg4win-3.0.1.exe. I would therefore enter the following command into Command Prompt to obtain the SHA1 hash value:

CertUtil -hashfile Downloads\gpg4win-3.0.1.exe

This returns the installer’s hash value (6db53bf3a350faceda861a3fd32c15106ce455bf). I then compare this value with the expected SHA1 hash value reported on the Gpg4win website. If the two values match, I proceed with installation. Otherwise, I attempt to find the reason for the hash value mismatch.

Notice that an attacker who was able to change the Gpg4win website might be able to give you the hash value matching a fake copy of the installer. This is one of the limitations of using hash values to authenticate downloads.
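The hash comparison above is easy to get wrong by hand: a digest copied from a web page may be upper-case, and older CertUtil builds print the bytes separated by spaces, so a visual comparison can fail on formatting alone. The following PowerShell script is an added example, not code from the article or from the Gpg4win project; it computes the installer's hash with the built-in Get-FileHash cmdlet, normalizes both values, and refuses to proceed on a mismatch. The installer path and the expected SHA1 value are taken from the article's November 2017 example and are assumptions you replace with your own download and the value shown on the Gpg4win site.

```powershell
# Added example (not part of the original article): compare a downloaded
# installer's hash with the value published on the Gpg4win download page.
# Assumptions: the installer is in the current user's Downloads folder and
# $Expected is the digest copied from the website (article's 2017 value below).
param(
    [string]$Path     = "$env:USERPROFILE\Downloads\gpg4win-3.0.1.exe",
    [string]$Expected = "6db53bf3a350faceda861a3fd32c15106ce455bf",
    [ValidateSet('SHA1', 'SHA256')][string]$Algorithm = 'SHA1'
)

function Normalize-Hash {
    # Drop whitespace (older CertUtil builds print "6d b5 3b ...") and fold case
    # so the comparison does not fail on formatting differences between tools.
    param([string]$Hash)
    return ($Hash -replace '\s', '').ToLowerInvariant()
}

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Error "Installer not found: $Path"
    exit 2
}

$actualNorm   = Normalize-Hash (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash
$expectedNorm = Normalize-Hash $Expected

# Sanity-check the pasted value first: a wrong length means the wrong line was
# copied from the website, which is a different problem from a bad download.
$expectedLen = @{ SHA1 = 40; SHA256 = 64 }[$Algorithm]
if ($expectedNorm.Length -ne $expectedLen -or $expectedNorm -notmatch '^[0-9a-f]+$') {
    Write-Error "Expected $Algorithm hash must be $expectedLen hex characters; got '$Expected'"
    exit 2
}

if ($actualNorm -eq $expectedNorm) {
    Write-Host "OK: $Algorithm of $Path matches the published value." -ForegroundColor Green
    exit 0
}

Write-Host "MISMATCH: do not run this installer." -ForegroundColor Red
Write-Host "  expected: $expectedNorm"
Write-Host "  actual:   $actualNorm"
exit 1
```

Run it as `.\Check-Installer.ps1` after saving it under that name, or pass `-Path` and `-Expected` explicitly; it exits 0 only when the digests agree. Passing `-Algorithm SHA256` with a SHA-256 value from the website works the same way, which matters because the Gpg4win page may list more than one digest type.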

After downloading and verifying the hash value of the installer, double click on it. Keep all defaults. The install wizard should finish without issues.

Import the Developer Public Key

Gpg4win’s signature utility is called Kleopatra, which should launch upon completing the install wizard. Kleopatra presents a welcome screen offering two options: create a new key pair and import. Neither will be necessary to verify the signature of the Electrum installer. Instead, we’re going to import the public key for Electrum’s lead developer.

Kleopatra

Thomas Voegtlin is the Electrum lead developer. The Electrum site reports his key ID as 0x2bd5824b7f9470e6. We can confirm this by looking up the same key on the MIT key server. Use this value to look up Voegtlin’s public key in Kleopatra. First, click the “Lookup on Server” button and enter the developer key ID. Then click Search.

Search for Public Key

Kleopatra should respond with an entry for Thomas Voegtlin’s public key. Click on it, then click the Import button.

Retrieve Key

Kleopatra will present a dialog asking if you’d like to certify the key. We’ve already performed one of the options (confirming it on a trusted website), so click the No button.

An entry for Thomas Voegtlin’s public key should appear in Kleopatra’s main window. It’s now possible to verify the signature of any Electrum installer.

Developer Key Added

Download Electrum

Browse to the Electrum download page. Next to the Windows entry are two links. Click the first one titled “Windows Installer” to download the Electrum installer. Save it to your Downloads folder.

Download and Signature

Click the second link titled “signature.” This link takes you to a plain text page representing the installer’s signature. Save it by pressing ctrl-s. Save the signature to the Downloads folder. Keep the default filename, but trim the .txt extension from the end. Ensure that the All Files option is selected under “Save as type.”

Save As

You should see two files in your Downloads folder: electrum-{version}-setup.exe and electrum-{version}-setup.exe.asc, where {version} is the version of Electrum you downloaded. The former file is the installer itself and the latter is the signature file. A custom lock icon should be used for the signature file. If it is not, it’s likely you’ve saved the signature as a .txt file. In this case, delete the signature file and re-save it, being certain to delete the .txt extension and use the All Files option.

Downloads

To verify the signature of the installer, double click on the signature file ending in .asc. Kleopatra should present a window titled “Verify Files” with a green bar at the top. Below that, the text “Verified ‘electrum-{version}-setup.exe’ with ‘electrum-{version}-setup.exe.asc’” should appear. The line will be appended with the bolded text “The data could not be verified.” This latter text indicates that you haven’t trusted the developer public key by signing it. The next section shows how to optionally correct this.

Good Signature

Note that the exact text you see may change in later versions of Kleopatra. In the version I used (3.0.1) and the subsequent version, the messages given for a valid signature from an unsigned key were confusing at best. The best solution is to follow the steps outlined in the next section. The second best solution is to know what an invalid signature validation looks like.

If signature verification does fail, you’ll be presented with a screen containing the bolded text “Invalid signature” on a red background.

Bad Signature
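Because Kleopatra's wording for “good signature, uncertified key” has changed between versions, it helps to know what GnuPG itself reports. The script below is an added example, not code from the article, from Electrum, or from Gpg4win: it runs the gpg.exe that Gpg4win installs with `--status-fd 1`, which prints stable machine-readable `[GNUPG:]` status lines, and turns them into one of three verdicts: invalid signature, valid signature from an uncertified key (Kleopatra's “The data could not be verified”), or valid signature from a key you have certified. It also checks that the signing key's fingerprint ends with the key ID the Electrum site publishes, so a valid signature from some other imported key is still rejected. The gpg.exe fallback path and the `{version}` placeholder in the installer name are assumptions.

```powershell
# Added example (not part of the original article): verify an Electrum installer's
# detached PGP signature from PowerShell and interpret GnuPG's status output.
# Assumptions: gpg.exe is on PATH or at the default Gpg4win location (assumed
# path below); the developer key has already been imported into Kleopatra.
param(
    [string]$Installer = "$env:USERPROFILE\Downloads\electrum-{version}-setup.exe",
    [string]$Signature = "$Installer.asc",
    # Long key ID the Electrum site publishes for the lead developer (from the article).
    [string]$ExpectedKeyId = '2BD5824B7F9470E6'
)

function Get-Verdict {
    # Map GnuPG status lines to a verdict. VALIDSIG carries the full fingerprint;
    # for a v4 key the long key ID is its last 16 hex digits.
    param([string[]]$StatusLines, [string]$KeyId)
    if (-not $StatusLines) { return 'INVALID: gpg produced no status output' }

    $bad   = @($StatusLines | Where-Object { $_ -match '^\[GNUPG:\] (BADSIG|ERRSIG|NO_PUBKEY) ' })
    $good  = @($StatusLines | Where-Object { $_ -match '^\[GNUPG:\] GOODSIG ' })
    $valid = @($StatusLines | Where-Object { $_ -match '^\[GNUPG:\] VALIDSIG ' })
    $trust = @($StatusLines | Where-Object { $_ -match '^\[GNUPG:\] TRUST_' })

    if ($bad.Count -gt 0) { return "INVALID: $($bad -join '; ') -- do not run the installer" }
    if ($good.Count -eq 0 -or $valid.Count -eq 0) { return 'INVALID: no GOODSIG/VALIDSIG status line' }

    $fpr = ($valid[0] -split ' ')[2]
    if (-not $fpr.ToUpperInvariant().EndsWith($KeyId.ToUpperInvariant())) {
        return "INVALID: signed by unexpected key $fpr"
    }

    # TRUST_UNDEFINED is what Kleopatra shows as "The data could not be verified":
    # the signature is cryptographically good, but you have not certified the key.
    if (($trust -join ' ') -match 'TRUST_(FULLY|ULTIMATE)') { return "VALID and trusted: key $fpr" }
    return "VALID signature from $fpr, but the key is not certified ($($trust -join ' '))"
}

$gpg = (Get-Command gpg.exe -ErrorAction SilentlyContinue).Source
if (-not $gpg) { $gpg = "${env:ProgramFiles(x86)}\GnuPG\bin\gpg.exe" }   # assumed default
if (-not (Test-Path -LiteralPath $gpg)) { Write-Error 'gpg.exe not found'; exit 2 }

# Status lines go to stdout via --status-fd 1; the human-readable text on stderr
# is discarded because its wording is what changes between releases.
$status = @(& $gpg --batch --status-fd 1 --verify $Signature $Installer 2>$null |
            Where-Object { $_ -like '[GNUPG:]*' })

$verdict = Get-Verdict -StatusLines $status -KeyId $ExpectedKeyId
Write-Host $verdict
if ($verdict -like 'INVALID*') { exit 1 }
```

The fingerprint check is the part the GUI flow does not make explicit: Kleopatra reports a good signature for any key in your keyring, so the script compares the signer against the key ID you confirmed on the Electrum site. After you complete the optional certification step, the same script reports the key as trusted instead of uncertified.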

Optional: Sign the Developer Key

At this point, you will have proven that Electrum’s lead developer has digitally signed the installer you downloaded. You could, however, take this process one step further by signing Thomas Voegtlin’s public key. Doing so will remind you in the future that you trust that this key really does belong to Electrum’s lead developer. Only take this step if you have independently verified that the key really does belong to Thomas Voegtlin.

Begin by creating a key pair for yourself, which is the step we skipped when Kleopatra first started. Choose the New Key Pair option from the File menu. Kleopatra presents a dialog asking you to choose a format. Click “create a personal OpenPGP key pair.” Enter a first and last name for yourself and an email address if you desire, then click Next.

Key Pair Wizard

You’ll be asked to review the information you entered. When done, click Create. You’ll be asked for a passphrase. It will be required before signing the Electrum developer’s public key. Enter your passphrase, repeat it, and then click OK. Kleopatra presents a window informing you that your key pair was created. Click Finish.

Personal Key

Your personal key appears in Kleopatra’s main window. You can now use it to sign the Electrum developer’s public key. Click on Thomas Voegtlin’s public key and click the Certify button at the top-center of the window. Check all three IDs and click the box labeled “I have verified the fingerprint.” Then click Next.

Certify

In step two, you’ll be asked whether to certify the key for everyone or just yourself (default). Leave the default value and click Certify. You’ll be asked for your passphrase. Enter it and click OK. You’ll be presented with a window summarizing your certification of Thomas Voegtlin’s public key. Click Finish.

Certify Success

Kleopatra now reports that Thomas Voegtlin’s public key is certified. Confirm that this is the case by looking under the User-IDs column.

Now when you verify any document signed by Electrum’s lead developer, Kleopatra will let you know that you trust the signature. A green background and a line with the words “validity is fully trusted” signify your trust.

Trusted Valid Signature

Conclusions

Signature validation should be used for any wallet destined to hold large sums of money. Given that wallets holding spare change today can grow to become wallets holding substantial sums tomorrow, signature verification should be the first step of any Electrum wallet installation. This guide offers a step-by-step procedure for PGP signature validation on Windows. Once set up, it can be used to verify the signature of any future Electrum release, and other Bitcoin software as well.

To recap, the steps are:

  1. Download Gpg4win.
  2. Verify the Gpg4win checksum.
  3. Import the public key for Electrum’s lead developer.
  4. Download Electrum installer and signature.
  5. Verify the Electrum installer signature.