Author

Topic: Need help verifying PGP signatures for bitcoin core (Read 173 times)

newbie
Activity: 10
Merit: 7
Great! That means everything is fine and I have a healthy node then Smiley thank you all for the explanation!
Only 10% more and my node is fully synced. I'll upgrade it to V24.01 afterwards through bitcoincore.org.

hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
I guess this means that I have a safe copy of the software?

It means your downloaded file has not been modified, it is bit for bit identical to what the Core maintainers have published as Bitcoin Core 22.0.0 installer for Windows. Your installation file is genuine as the developers have created it.

BTW, the current authoritive website for Bitcoin Core is https://bitcoincore.org, not https://bitcoin.org
newbie
Activity: 10
Merit: 7
Okay so I did as you said, now I get the return "good signature" https://imgur.com/a/OXxWsLv.
I checked the SHA256 hash from my download and it corresponded with the SHA256 hash that I found in the textfile.
Hash download: https://imgur.com/sSPXTsO
Hash textfile: https://imgur.com/vILghz7

I guess this means that I have a safe copy of the software?
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
Description of Problem:
I get a message "gpg: BAD signature from *insert dev*" when trying to verify the PGP signatures of for my bitcoin core installation.exe. Is this a clear sign that my software has been tampered with? Or is there another explanation?
You're supposed to verify "SHA256SUMS" file with "SHA256SUMS.asc" signature file.
So command should be:
Code:
gpg --verify SHA256SUMS.asc SHA256SUMS

Then after verifying that "SHA256SUMS" file is legit, open it as text, then find and take note of the line:
9485e4b52ed6cebfe474ab4d7d0c1be6d0bb879ba7246a8239326b2230a77eb1  bitcoin-22.0-win64.zip

Get your downloaded "bitcoin-22.0-win64.zip" file's sha256 hash and see if it matched with the sha256 sum in the file.

For example, using this PowerShell tool: learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-filehash?
Windows Power Shell command and result (with matching SHA256 hash):
Code:
Get-FileHash Desktop/bitcoin-22.0-win64.zip | Format-List


Algorithm : SHA256
Hash      : 9485E4B52ED6CEBFE474AB4D7D0C1BE6D0BB879BA7246A8239326B2230A77EB1
Path      : C:\Users\\Desktop\bitcoin-22.0-win64.zip
newbie
Activity: 10
Merit: 7
Can you tell us exactly where you download bitcoin core?
It's a first step to verify that bitcoin core you downloaded is from legit source.

Another suggestion there are other guides on the forum that you can follow the right way how to verify Bitcoin core like this post below.

- https://bitcointalksearch.org/topic/m.49491917

And then use achow signature here https://bitcointalksearch.org/topic/m.61568010

Apologies for the late response, I was on a travel and had no ways to check this forum.

This is the link where I got my download; https://bitcoin.org/bin/bitcoin-core-22.0

I'll check out the forum that you linked me, thanks in advance for that!

 
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
Can you tell us exactly where you download bitcoin core?
It's a first step to verify that bitcoin core you downloaded is from legit source.

Another suggestion there are other guides on the forum that you can follow the right way how to verify Bitcoin core like this post below.

- https://bitcointalksearch.org/topic/m.49491917

And then use achow signature here https://bitcointalksearch.org/topic/m.61568010
staff
Activity: 3458
Merit: 6793
Just writing some code
Can you post the full output?

Are you sure that you are verifying the correct files?
newbie
Activity: 10
Merit: 7
Bitcoin Client Software and Version Number: Bitcoin core V22.0 win64

Operating System: Windows 10

System Hardware Specs: /

Description of Problem:
I get a message "gpg: BAD signature from *insert dev*" when trying to verify the PGP signatures of for my bitcoin core installation.exe. Is this a clear sign that my software has been tampered with? Or is there another explanation?

Screenshot of the problem: https://imgur.com/4GVmT1j

Thanks in advance for your help. I'm not a tech person so this whole ordeal has been quite difficult for me
Jump to: