10. Checking the Opal wallet AuthenticityGemlock is a decisive tools in our security roadmap, soon, Opal user will check, directly inside his wallet if this one is the good one (the last and certified one) and if it is not corrupted !
How it works ?
by comparing the SHA1 checksums of your Opal wallet and the official Opal wallet.
Does it work ?
yes, but it is not yet automated.
Let's get checking our last wallet, (here is the tuto):
For WINDOWS users:1. Go to C: create a new folder and name it FCIV
2. Download the File Checksum Integrity verifier :
http://download.microsoft.com/download/c/f/4/cf454ae0-a4bb-4123-8333-a1b6737712f7/Windows-KB841290-x86-ENU.exe3. In the file download box, click Save and save the file in the FCIV folder
4. Go to your FCIV folder and double-click on Windows-KB841290-x86-ENU.exe then click ok
5. Click ok to extract the file (if asked, extract the file in the FCIV folder),
6. Double click fciv.exe to run it.
7. Click start ,on the search field type:
Press enter, then click cmd.exe
8. On this black command prompt,
type
Press Enter
9. Download your favorite wallet on
www.opal-coin.com at the Download Wallets.
10. Type (and replace the .zip file with the wallet you downloaded, as there are 3 different wallets).
fciv.exe -sha1 c:\the full path\where you downloaded\Opalcoin-Qt-exchange.zip
the SHA1 checksum is the 40 numbers and letters, after File Checksum Integrity Verifier version 2.05,
example: 4c56186623bbaa7c2fea980b042270beafd3b53f c:\the full path\where you downloaded\Opalcoin-Qt-exchange.zip
11. Now, type:
And press Enter
it will displays your DNS sometime we encounter surprise here so you can check if they are yours, or if you have a box: if they are those of your ISP, type "Your ISP name DNS" in google to know them, and... anyway we need to type it
12. Type:
Press Enter
13. Type:
Press Enter
This order displays the genuine Opalcoin SHA1 checksums (the 40 numbers and letters).
14. Compare this guenuine SHA1 with the checksum fciv.exe gave you: they MUST be the same.
(beware to check the SHA1 of the good wallet as there are three Opalcoin client, to check it, just look at the name of your Opalcoin-Qt-Folder. Now in the command prompt look at the one which match with your Opalcoin-Qt)
If the SHA1s are not the same: Close your wallet, save the
wallet.dat in a easy retrievable folder (but not into your Opalcoin-Qt folder and not into : C:\Users\YourUserName\Appdata\Roaming\Opalcoin),
go to C:\Users\YourUserName\Appdata\Roaming\ and delete the folder Opalcoin, go to your Opalcoin-Qt folder you use to launch your wallet, delete the Opalcoin-Qt folder.
Type:
Press Enter to quit the nslookup utility.
Go to
www.opal-coin.com and click wallet download, choose the walllet you need.
Now it is simple and cool, if you want to test again your last download from this simili-trusted pseudo-true opal-coin.com (maybe you were not on the right official website
)
Type (and replace the .zip file with the wallet you downloaded, as there are 3 different wallets)
fciv.exe -sha1 c:\the full path\where you downloaded\Opalcoin-Qt-exchange.zip
Enter, check.
If the SHA1s are the same: Well done you have a certified official Opal wallet !
You can now run it, let it sync, (it is quite long : 2 to several hours) and close it.
Go to C:\Users\YourUserName\Appdata\Roaming\Opalcoin
and put your saved
wallet.dat into the folder. now start again your wallet: and stake cool !
_________________________
For LINUX users:1. Start a shell / terminal, i.e. a text based command line utility
2. Go to the directory to which you downloaded the wallet software by typing the following command to the terminal, followed by enter, replacing “ /path/to/download folder ” by the actual location of the folder where you downloaded the wallet software :
cd “ /path/to/download folder ”
3. Type the following command to the terminal window, followed by enter, replacing “ Opal-Qt-opaque.zip ” with the name of the file you downloaded:
sha1sum Opal-Qt-opaque.zip
The sha1sum command outputs a line similar to this:
3a099ff6e8831885b00431bee693ea40b3ff9e39" Opal-Qt-opaque.zip Take note of the random-looking 40 characters string. It is the SHA1 checksum of the file you have downloaded. Now compare it to the checksum provided by the DNS system at step 7.
4. Start the DNS lookup utility by typing:
followed by enter:
5. At the nslookup utility prompt (>), type the below command, followed by enter:
6. Now type the address provided by the wallet developers to the nslookup utility prompt, followed by enter:
Take note of the 40 characters SHA1 checksums returned: checksums.opal-coin.com text = "Opal-Qt-opaque.zip
3a099ff6e8831885b00431bee693ea40b3ff9e39"
7. Compare the SHA1 checksum created at step 3 to the one provided for the same file by the DNS service at step 6. If checksums are identical : the wallet file you downloaded is genuine. If the checksums are different, make sure the version of the wallet you have downloaded is the latest one, and repeat all of the above steps. If the checksums are different after couple of hours have passed, please contact the Opal developers for advice.
_________________________
For MAC users:1. Open a Terminal (located in: /Applications/Utilities).
2. InsideTerminal prompt, type:
openssl sha1 /Your_full/path_to_file/Opaque-Final-Mac.zip
Press Enter
It dipslays the SHA1 checksum you will have to compare: 40 numbers and letters, here in red:
SHA1(/Your_full/path_to_file/Opaque-Final-Mac.zip)
3eb807b340d4e57aa79bb5422b94d556888bba60with the SHA1 checksum of the official and certified opal wallets in the nslookup utility:
3.Type nslookup
Press Enter
4. After (>) type:
Press Enter
5. Type:
Press Enter
6. Compare the SHA1 checksum returned (still 40 numbers and letters), here in red with your wallet checksum, above:
something like: checksums.opal-coin.com text = "Opaque-Final-Mac.zip
3eb807b340d4e57aa79bb5422b94d556888bba60"
7.Type:
Press Enter to quit the nslookup utility.
If SHA1 checksums are the same, it means the wallet software file you downloaded is genuine. If the checksums are different, close your wallet, save the wallet.dat in another well known folder. then uninstall your Opalcoin-QT and download the latest version at
www.opal-coin.comObviously, you can now quickly check your brand new latest download:
in the terminal type:
openssl sha1 /Your_full/path_to_file/Opaque-Final-Mac.zip
Press Enter and compare with the Opaque-Final-Mac.zip checksum of your last nslookup. if it is still different, call a developper on IRC :
http://webchat.freenode.net/ channel : #opalcoin
If the SHA1s are the same: Well done you have a certified official Opal wallet !
The next step into security is to automate these processes, stay tuned
...
(P.S: thanks to Jyri from altcoin.center for the linux tutorial)
(P.S #2: the checksums written here are not real, these are just examples)