Electrum is a popular Bitcoin wallet. The non-official thin client Electrum appears to be well-designed. It does not need to download/verify the blockchain and users store their private keys locally, which eliminates the need to trust third-party severs. 
Note: To mitigate the risk of a known exploit, Electrum versions older than v3.3 are prevented from connecting to public servers.   This step was necessary to prevent user exposure to phishing messages.  If you have an Electrum version older than v3.3 installed, then it is necessary to upgrade.
While it is strongly recommended to install software from the Debian repositories, the latest available package is too old and will not connect to public servers. This means Debian's official package manager (
APT) cannot be used to install a functional Electrum version.
The best option at present is to install Electrum from the official website. The following instructions provide steps to verify the AppImage, but keep in mind the risks involved with manual software installation. Always make every effort to follow Best Practices when installing software.
Note: The following instructions should be applied in Whonix-Workstation ™ (Qubes-Whonix ™:
1. Open a terminal.
If you are using Qubes-Whonix ™, complete the following steps.
Qubes App Launcher (blue/grey "Q") →
Whonix-Workstation ™ AppVM (commonly named anon-whonix) →
If you are using a graphical Whonix with KDE, run.
Start Menu →
If you are using a graphical Whonix with XFCE, run.
Start Menu →
2. Import the gpg public key of Electrum developer Thomas Voegtlin.
gpg --recv-keys 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
When finished, the output should be similar to the following image.
Figure: gpg Key Importation
3. Verify the public key fingerprint.
gpg --fingerprint 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
In early-2019, the output is identical to the following image.
Figure: Fingerprint Verification
4. Download the Electrum AppImage.
Note: At the time of writing,
elecrtum-3.3.6 was the latest stable release. Before starting the Electrum download, browse to electrum.org/#download to verify the correct file path. Then download the file with scurl. 
5. Download the corresponding gpg signature.
It is necessary to verify the integrity of the AppImage with the correct signature.
Note: If users downloaded a later Electrum version at step 4, then modify the following command to match the corresponding signature file. 
6. Verify the integrity of the AppImage image.
Note: This command must be run in the same directory as the downloaded AppImage and signature.
gpg --verify electrum-3.3.6-x86_64.AppImage.asc
If the image is verified successfully, the output will show a "Good signature" similar to the screenshot below.
Figure: Good Signature 
The above "gpg: WARNING" can be ignored since it does not alter the validity of the signature related to the downloaded key. Rather, this warning refers to the level of trust placed in the developers signing key and the web of trust. To remove this warning, the developers signing key must be personally signed with your own key.
If the following "gpg: BAD signature" message appears, the Appimage has been corrupted or altered during the download process.
Figure: Bad Signature
In this event, delete both the AppImage and signature and either wait 10-15 minutes for the Tor circuits to change, or open up the Arm Tor Controller in Whonix-Gateway ™ (Qubes-Whonix ™:
sys-whonix) and type "n" to create new Tor circuits. Wait for a random period of time before repeating the steps to download the AppImage and signature.
7. Change file permissions.
Make the electrum AppImage executable.
chmod +x electrum-3.3.6-x86_64.AppImage
Please refer to the official Documentation at docs.electrum.org for comprehensive instructions, as well as more advanced topics like Cold Storage of private keys.
To start Electrum on all platforms, run.
Qubes-Whonix ™ users are recommended to configure a Split Bitcoin Wallet to better protect their private keys. To protect against identity correlation through Tor circuit sharing, follow the instructions below (see Stream Isolation for more information).
Electrum: First Run
1. Configure a manual server connection.
When Electrum is started for the first time, users are met with the prompt:
"How do you want to connect to a server?".
Select server manually and press
Figure: Server Setting
2. Change the proxy settings.
The necessary settings are:
Next and the application should be fully functional.
Figure: SOCKS5 Proxy Configuration
Note: If Electrum is already set up but stream isolation was not enabled, then navigate to
Network in Electrum to bring up the server and proxy settings.
This step is optional.
mkdir -p ~/.local/share/applications
Create a new file
~/.local/share/applications/electrum.desktop using an editor.
Paste the following contents.
The procedure is now complete.
You can find the launcher here:
Start Menu →
After having installed Electrum, please consider making a donation to Whonix ™ to keep it running for the years to come.
Donate Bitcoin (BTC) to Whonix ™.
- ↑ Some Bitcoin wallets other than Electrum are affected by this: if the third-party server was ever compromised, all of the users' bitcoins could be stolen. There is also the possibility that the third-party could lose a user's private keys or walk away with them.
- ↑ https://github.com/spesmilo/electrum/issues/5183
- ↑ https://github.com/spesmilo/electrum/issues/5190
- ↑ For further details, see: Github Electrum issues.
Installing software best practices:
- ↑ To find the correct image download:
Copy Link Location →
to scurl command.
- ↑ To find the correct signature file download:
Copy Link Location →
to scurl command
gpg: assuming signed data in 'electrum-3.3.6-x86_64.AppImage'
gpg: Signature made Thu 16 May 2019 02:14:30 PM EDT
gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <firstname.lastname@example.org>" [unknown]
gpg: aka "ThomasV <email@example.com>" [unknown]
gpg: aka "Thomas Voegtlin <firstname.lastname@example.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
No comments for now due to spam. Use Whonix forums instead.
https | (forcing) onion
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.
Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.