Having trouble verifying SHA256SUMS.asc

AdolfinWolf

legendary

Activity: 1946

Merit: 1427

Ok so basically we download the sigs from

https://bitcoincore.org/bin/bitcoin-core-22.0/SHA256SUMS.asc

then the hashes from...

https://bitcoincore.org/bin/bitcoin-core-22.0/SHA256SUMS

btw, this is indeed kinda hidden for now it seems, couldn't find it anywhere, not on github, not on bitcoincore.org, though perhaps I did not search hard enough on github..

then?

Code:

--verify SHA256SUMS.asc SHA256SUMS

and shasum your individual release and recheck obviously.

Now this kinda assumes I have all the signers imported already. Obviously I don't and i'm not sure I care that much to import them all in a "decentralized - individual" manner (I think that's more or less the intention of this change?)

~~I'm scrolling to see if I can verify Wladimir's signature with his old (11+) key, but no luck.~~

Any easy way to check the signers and how much authority they hold as someone who isn't that involved?
Edit: I guess the latter part of the question is still somewhat relevant though every individual will probably weigh this differently.

~~I have a couple names + email addresses - easiest way for now seems to google them and add them individually..?~~

I guess achow's key works. (EDIT: for those wondering: Imported using https://github.com/bitcoin/bitcoin/blob/master/contrib/builder-keys/keys.txt, which? corresponds with http://achow101.com/achow101.pgp, and thus? trustworthy) &

Code:

 gpg --keyserver keyserver.ubuntu.com --receive-keys 152812300785C96444D3334D17565732E08E5E41

ProbablyDrunk

newbie

Activity: 6

Merit: 3

Cool; thanks for your help.

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

The format changed starting with 22.0. The signatures file actually contains signatures from several developers. The standard gpg --verify command will verify all of those signatures.

The website will be updated with detailed instructions.

ProbablyDrunk

newbie

Activity: 6

Merit: 3

With a bit more Googling it seems that 0xb10c is a Bitcoin Core developer. Found his blog https://b10c.me/ and that is indeed his email address. So it looks legit I guess.

This part could be a bit clearer though for people starting to run their own node like me... I couldn't find any instructions on this on bitcoincore.org itself. Would be nice if it was part of the FAQ.

ProbablyDrunk

newbie

Activity: 6

Merit: 3

Thanks, that worked better. Even so, the result of GPG verification is not what I expect:

Code:

Untrusted signature
.0xB10C <[email protected]>
0CCB AAFD 76A2 ECE2 CCD3  141D E2FF D5B1 D88C A97D

https://i.imgur.com/xjyRBET.jpg

From what I understand it's expected that file is signed by Wladimir van der Laan. Trying to be a responsible citizen here.

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

For Bitcoin Core 22.0, the hashes are located in the SHA256SUMS file which you can download from https://bitcoincore.org/bin/bitcoin-core-22.0/SHA256SUMS. SHA256SUMS.asc just contains the GPG signatures; you will need that file too in order to verify the release.

The website still needs to be updated for the new release format.

ProbablyDrunk

newbie

Activity: 6

Merit: 3

Additionally I tried doing this on Linux and I get the same result.

ProbablyDrunk

newbie

Activity: 6

Merit: 3

Thanks but that makes no difference.

BitMaxz

legendary

Activity: 3374

Merit: 3095

Playbet.io - Crypto Casino and Sportsbook

Can you add more space before SHA256SUMS.asc

Sample

Code:

shasum -c  SHA256SUMS.asc

Add space between -c and SHA256SUMS.asc so it should be two spaces and test if it will work.

I just got the idea from this link below

- https://unix.stackexchange.com/questions/139891/why-does-verifying-sha256-checksum-with-sha256sum-fail-on-debian-and-work-on-u

ProbablyDrunk

newbie

Activity: 6

Merit: 3

I downloaded SHA256SUMS.asc from https://bitcoincore.org/en/download/. When I run shasum -c SHA256SUMS.asc I get:

Code:

Oberon:Downloads remco$ shasum -c SHA256SUMS.asc
shasum: SHA256SUMS.asc: no properly formatted SHA checksum lines found

Ideas? I'm on a Mac (OSX 11.5.2)

Topic: Having trouble verifying SHA256SUMS.asc (Read 153 times)