Author

Topic: I've downloaded bitcoin-0.8.6-win32-setup.exe, how do I gpg verify. (Read 1440 times)

member
Activity: 61
Merit: 10
BTW, there are some additional tips on how to verify GPG signatures under Windows in that Armory thread.

thanks flatfly, I will work through this  Cheesy
legendary
Activity: 1092
Merit: 1016
760930
BTW, there are some additional tips on how to verify GPG signatures under Windows in that Armory thread.
legendary
Activity: 3682
Merit: 1580
Surely if you download it from the official web site (as linked at the top of the forum), you don't need to verify signatures? 

LOL official website as linked on the top of the forum. How many times has the forum been hacked now?

Websites get hacked all the time especially bitcoin related sites. We need to take every precaution we can.
member
Activity: 61
Merit: 10
Surely if you download it from the official web site (as linked at the top of the forum), you don't need to verify signatures? 

Where's my tinfoil hat smilie?

You're right, and I'm not normally so paranoid, Smiley  but I want to get into the habit of good practices.
Never had a reason to worry about verifying signatures but I think when it comes to money, it makes sense to get into the habit of verifying files etc.
hero member
Activity: 1246
Merit: 501
Surely if you download it from the official web site (as linked at the top of the forum), you don't need to verify signatures? 

Where's my tinfoil hat smilie?
member
Activity: 61
Merit: 10
@OP we are not Windows users or this would all be easy for us to explain to you. On Linux we use the command line. So with that said see this thread for Windows command line instructions.

If you can't do the above then wait for another Windows user to chime in with step by step instructions.

And BTW the bitcoin .asc files are NOT detached signatures. They actually signatures of the sha256sums not the .exe file itself.

Thanks Abdussamad, that thread is just what I was looking for.
legendary
Activity: 3682
Merit: 1580
@OP we are not Windows users or this would all be easy for us to explain to you. On Linux we use the command line. So with that said see this thread for Windows command line instructions.

If you can't do the above then wait for another Windows user to chime in with step by step instructions.

And BTW the bitcoin .asc files are NOT detached signatures. They actually signatures of the sha256sums not the .exe file itself.
member
Activity: 61
Merit: 10
Thanks for your patience.

I have imported Gavin Anderson 0x1FC730C1 and he now appears in my trusted certificates.
I then tried to verify the file SHA256SUMS.asc which i downloaded from http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.6/
Both SHA256SUMS.asc and the exe file are in the same folder.

I checkmark "input file is a detached signature"
Input file is : bitcoin...windows..exe
I select signed data : SHA256SUMS.asc
Click verify
Get error " Could not determine whether this is S/MIMe or OpenPGP signature


When I put input file :  SHA256SUMS.asc
and signed data : bitcoin...windows..exe
Click Verify
Get error SHA256SUMS.asc no signature

I suspect I'm missing something simple, but encryption is new to me. If you have any further ideas would appreciate
Thanks for your help

legendary
Activity: 3682
Merit: 1580
Thanks for the info Abdussamad, but I'm still struggling.

I have gpg4win installed (kleopatra)

I downloaded the Sha256sum.asc file from your link, I then right click it and select "verify" but it just says " no signature found"
Totally confused  Undecided

Before verifying, you need to download and import
Gavin's public GPG key (ID 0x1FC730C1) into your computer. I'm not familiar with the exact steps to follow in kleopatra but it shouldn't be too complicated.


Yeah you can find the sigs on the bitcoin.org page I linked above.
legendary
Activity: 1092
Merit: 1016
760930
Thanks for the info Abdussamad, but I'm still struggling.

I have gpg4win installed (kleopatra)

I downloaded the Sha256sum.asc file from your link, I then right click it and select "verify" but it just says " no signature found"
Totally confused  Undecided

Before verifying, you need to download and import
Gavin's public GPG key (ID 0x1FC730C1) into your computer. I'm not familiar with the exact steps to follow in kleopatra but it shouldn't be too complicated.
member
Activity: 61
Merit: 10
Thanks for the info Abdussamad, but I'm still struggling.

I have gpg4win installed (kleopatra)

I downloaded the Sha256sum.asc file from your link, I then right click it and select "verify" but it just says " no signature found"
Totally confused  Undecided
legendary
Activity: 3682
Merit: 1580
Do a sha256sum of the file. Look up freeware that lets you calculate sha256 checksums of a file. Fedora project seems to recommend this:

http://docs.fedoraproject.org/en-US/Fedora/16/html/Burning_ISO_images_to_disc/sect-Burning_ISO_images_to_disc-Validating_the_Files-Validating_at_the_Windows_Command_Prompt.html

Then compare with the sha256sum.asc file here:

http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.6/



Finally verify the signature in that .asc file is from Jeff Garzik or not:

http://bitcoin.org/en/development

Edit: It may be that that .asc file carries gavin's sig. Check for both.

edit2 : Use http://gpg4win.org/
member
Activity: 61
Merit: 10
thank for the link flatfly, it does provide more info, but it's for linux, do you know of a windows guide. Thanks
legendary
Activity: 1092
Merit: 1016
760930
member
Activity: 61
Merit: 10
When I downloaded a litecoin wallet I found a great walk thru to verify the file was safe using this link

https://litecointalk.org/index.php?topic=5116.0

I have now downloaded the latest bitcoin wallet  bitcoin-0.8.6-win32-setup.exe, but I'm not sure how to gpg verify it. I've searched around but not had much luck.
If anybody could point me to a step by step guide, would appreciate.
Jump to: