If am not missing anything, you followed all the steps correctly and you should be good to go. However, it's normal to be paranoid when it comes to dealings on the web.
You can check out other ways of verifying Bitcoin core so as to have some peace in your mind in this post.
Verifying Bitcoin Core
Topic: Have I correctly verified Core? (Read 155 times)
Yes, you're doing it correctly. Your guess is also correct, see this[1]. As long as it doesn't result in a bad/broken signature, then you're good to go I believe.
[1] https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-windows/
[1] https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-windows/
Have I correctly verified Core?
I've done this following but am a bit out of my depth:
1. Downloaded and installed Kleopatra (GPG4WIN)
2. Imported Wladimir's ASC from Bitcoincore.org
3. Downloaded bitcoin-0.17.1-win64-setup.exe
4. Downloaded SHA256SUMS.ASC from Bitcoincore.org
5. Verified SHA256SUMS.ASC was created with Wladimir's certificate via Kleopatra (*See below)
6. Obtain SHA256 hash of bitcoin-0.17.1-win64-setup.exe (**see below)
7. Confirm the SHA256 hash matches the SHA256 hash in the SHA256SUMS.ASC file (***see below)
*Signature created on Tuesday, 25 December 2018 7:03:05 PM
With certificate:
Wladimir J. van der Laan (Bitcoin Core binary release signing key) <[email protected]> (90C8 019E 36C2 E964)
The used key is not certified by you or any trusted person
**\Bitcoin>certUtil -hashfile bitcoin-0.17.1-win64-setup.exe SHA256
SHA256 hash of bitcoin-0.17.1-win64-setup.exe:
fa1e80c5e4ecc705549a8061e5e7e0aa6b2d26967f99681b5989d9bd938d8467
CertUtil: -hashfile command completed successfully.
***fa1e80c5e4ecc705549a8061e5e7e0aa6b2d26967f99681b5989d9bd938d8467 bitcoin-0.17.1-win64-setup.exe
As far as I can tell this is correct, but step 5 has me a bit unsure, mainly due to the following:
I am led to believe that this message is correct, and that 'The data could not be verified' is simply a result of me having not verified Wladimir's key via Kleopatra.
Does all of this look correct?
I've done this following but am a bit out of my depth:
1. Downloaded and installed Kleopatra (GPG4WIN)
2. Imported Wladimir's ASC from Bitcoincore.org
3. Downloaded bitcoin-0.17.1-win64-setup.exe
4. Downloaded SHA256SUMS.ASC from Bitcoincore.org
5. Verified SHA256SUMS.ASC was created with Wladimir's certificate via Kleopatra (*See below)
6. Obtain SHA256 hash of bitcoin-0.17.1-win64-setup.exe (**see below)
7. Confirm the SHA256 hash matches the SHA256 hash in the SHA256SUMS.ASC file (***see below)
*Signature created on Tuesday, 25 December 2018 7:03:05 PM
With certificate:
Wladimir J. van der Laan (Bitcoin Core binary release signing key) <[email protected]> (90C8 019E 36C2 E964)
The used key is not certified by you or any trusted person
**\Bitcoin>certUtil -hashfile bitcoin-0.17.1-win64-setup.exe SHA256
SHA256 hash of bitcoin-0.17.1-win64-setup.exe:
fa1e80c5e4ecc705549a8061e5e7e0aa6b2d26967f99681b5989d9bd938d8467
CertUtil: -hashfile command completed successfully.
***fa1e80c5e4ecc705549a8061e5e7e0aa6b2d26967f99681b5989d9bd938d8467 bitcoin-0.17.1-win64-setup.exe
As far as I can tell this is correct, but step 5 has me a bit unsure, mainly due to the following:
I am led to believe that this message is correct, and that 'The data could not be verified' is simply a result of me having not verified Wladimir's key via Kleopatra.
Does all of this look correct?
Jump to: