
Topic: Need help verifying PGP signatures for bitcoin core (Read 145 times)

newbie
Activity: 10
Merit: 7
Great! That means everything is fine and I have a healthy node then, thank you all for the explanation!
Only 10% more and my node is fully synced. I'll upgrade it to V24.01 afterwards through bitcoincore.org.

hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
I guess this means that I have a safe copy of the software?

It means your downloaded file has not been modified, it is bit for bit identical to what the Core maintainers have published as Bitcoin Core 22.0.0 installer for Windows. Your installation file is genuine as the developers have created it.

BTW, the current authoritative website for Bitcoin Core is https://bitcoincore.org, not https://bitcoin.org
newbie
Activity: 10
Merit: 7
Okay so I did as you said, now I get the return "good signature" https://imgur.com/a/OXxWsLv.
I checked the SHA256 hash from my download and it corresponded with the SHA256 hash that I found in the textfile.
Hash download: https://imgur.com/sSPXTsO
Hash textfile: https://imgur.com/vILghz7

I guess this means that I have a safe copy of the software?
legendary
Activity: 2394
Merit: 5531
Self-proclaimed Genius
Description of Problem:
I get a message "gpg: BAD signature from *insert dev*" when trying to verify the PGP signatures for my bitcoin core installation.exe. Is this a clear sign that my software has been tampered with? Or is there another explanation?
You're supposed to verify "SHA256SUMS" file with "SHA256SUMS.asc" signature file.
So command should be:
Code:
gpg --verify SHA256SUMS.asc SHA256SUMS

Then after verifying that "SHA256SUMS" file is legit, open it as text, then find and take note of the line:
9485e4b52ed6cebfe474ab4d7d0c1be6d0bb879ba7246a8239326b2230a77eb1  bitcoin-22.0-win64.zip

Get your downloaded "bitcoin-22.0-win64.zip" file's sha256 hash and see if it matches the sha256 sum in the file.

For example, using this PowerShell tool: learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-filehash?
Windows PowerShell command and result (with matching SHA256 hash):
Code:
Get-FileHash Desktop/bitcoin-22.0-win64.zip | Format-List


Algorithm : SHA256
Hash      : 9485E4B52ED6CEBFE474AB4D7D0C1BE6D0BB879BA7246A8239326B2230A77EB1
Path      : C:\Users\\Desktop\bitcoin-22.0-win64.zip
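
The two steps from the post above (check the signature on SHA256SUMS, then match the download's hash against its line in that file) written as one PowerShell function. This is an added example, not part of the thread or of Bitcoin Core; `Test-ReleaseFile`, its parameters and the demo file are made-up names and constructed data.

```powershell
# Added example, not from the thread. Test-ReleaseFile and its parameters are hypothetical names.
function Test-ReleaseFile {
    param(
        [Parameter(Mandatory)] [string] $File,      # the download, e.g. bitcoin-22.0-win64.zip
        [Parameter(Mandatory)] [string] $SumsFile,  # SHA256SUMS
        [string] $SignatureFile                     # SHA256SUMS.asc; gpg step is skipped if omitted
    )
    # Step 1: the signature covers SHA256SUMS, not the download itself.
    # --status-fd 1 makes gpg print machine-readable GOODSIG/BADSIG lines on stdout.
    if ($SignatureFile) {
        $status = & gpg --status-fd 1 --verify $SignatureFile $SumsFile
        if ($status -match '^\[GNUPG:\] BADSIG ')         { throw "BAD signature on $SumsFile" }
        if (-not ($status -match '^\[GNUPG:\] GOODSIG ')) { throw "no good signature on $SumsFile" }
    }
    # Step 2: find the line for this file name. Lines look like "<64 hex>  <name>";
    # a '*' in front of the name (binary mode in sha256sum output) is accepted too.
    $name = Split-Path -Leaf $File
    $expected = $null
    foreach ($line in Get-Content -LiteralPath $SumsFile) {
        if ($line -match '^([0-9a-fA-F]{64})\s+\*?(.+)$' -and $Matches[2] -eq $name) {
            $expected = $Matches[1]
            break
        }
    }
    if (-not $expected) { throw "$name is not listed in $SumsFile" }
    # Step 3: hash the download. Get-FileHash prints upper case and SHA256SUMS uses
    # lower case, so both are normalised before comparing.
    $actual = (Get-FileHash -LiteralPath $File -Algorithm SHA256).Hash
    return $actual.ToLowerInvariant() -eq $expected.ToLowerInvariant()
}

# Constructed demo data (temp files, no gpg step) so the function can be tried offline.
$dir  = Join-Path ([IO.Path]::GetTempPath()) 'sums-demo'
New-Item -ItemType Directory -Force -Path $dir | Out-Null
$zip  = Join-Path $dir 'example-1.0-win64.zip'
$sums = Join-Path $dir 'SHA256SUMS'
Set-Content -LiteralPath $zip -Value 'constructed sample bytes' -NoNewline
$hash = (Get-FileHash -LiteralPath $zip -Algorithm SHA256).Hash.ToLower()
Set-Content -LiteralPath $sums -Value "$hash  example-1.0-win64.zip"
Test-ReleaseFile -File $zip -SumsFile $sums   # file matches its listed hash
Add-Content -LiteralPath $zip -Value 'x'      # simulate a modified download
Test-ReleaseFile -File $zip -SumsFile $sums   # hash no longer matches
```

A GOODSIG line only tells you that some key in your keyring signed SHA256SUMS, so it is meaningful only if you imported that key on purpose from a source you trust.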
newbie
Activity: 10
Merit: 7
Can you tell us exactly where you downloaded bitcoin core?
It's a first step to verify that the bitcoin core you downloaded is from a legit source.

Another suggestion: there are other guides on the forum that you can follow for the right way to verify Bitcoin core, like this post below.

- https://bitcointalksearch.org/topic/m.49491917

And then use achow signature here https://bitcointalksearch.org/topic/m.61568010

Apologies for the late response, I was travelling and had no way to check this forum.

This is the link where I got my download; https://bitcoin.org/bin/bitcoin-core-22.0

I'll check out the forum that you linked me, thanks in advance for that!

 
legendary
Activity: 3248
Merit: 2971
Block halving is coming.
Can you tell us exactly where you downloaded bitcoin core?
It's a first step to verify that the bitcoin core you downloaded is from a legit source.

Another suggestion: there are other guides on the forum that you can follow for the right way to verify Bitcoin core, like this post below.

- https://bitcointalksearch.org/topic/m.49491917

And then use achow signature here https://bitcointalksearch.org/topic/m.61568010
staff
Activity: 3374
Merit: 6530
Just writing some code
Can you post the full output?

Are you sure that you are verifying the correct files?
newbie
Activity: 10
Merit: 7
Bitcoin Client Software and Version Number: Bitcoin core V22.0 win64

Operating System: Windows 10

System Hardware Specs: /

Description of Problem:
I get a message "gpg: BAD signature from *insert dev*" when trying to verify the PGP signatures for my bitcoin core installation.exe. Is this a clear sign that my software has been tampered with? Or is there another explanation?

Screenshot of the problem: https://imgur.com/4GVmT1j

Thanks in advance for your help. I'm not a tech person so this whole ordeal has been quite difficult for me.