Topic: Verifying Bitcoin Core - page 4. (Read 179877 times)
Thanks for this guide, very helpful!
I didn't get which version of GPG verifier to download. Would appreciate some help..
I'm personally using Gpg4win (Windows only) and I guess almost everyone else on the forums is using the same thing : https://www.gpg4win.org/ , If you don't know much on how to use it (beside verifying) then you could check this tutorial https://www.deepdotweb.com/2013/11/11/pgp-tutorial-for-newbs-gpg4win/
Thank you , mate
I didn't get which version of GPG verifier to download. Would appreciate some help..
I'm personally using Gpg4win (Windows only) and I guess almost everyone else on the forums is using the same thing : https://www.gpg4win.org/ , If you don't know much on how to use it (beside verifying) then you could check this tutorial https://www.deepdotweb.com/2013/11/11/pgp-tutorial-for-newbs-gpg4win/
I didn't get which version of GPG verifier to download. Would appreciate some help..
C:\Users\main\Desktop>gpg --verify 1.txt
gpg: Signature made 01/03/17 08:20:59 GMT Standard Time using RSA key ID 36C2E96
4
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release
signing key) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964
thanks, all looks good, thanks for your help.
anyone know what im doing wrong with pgp?
i confirmed my sha256 hashes are correct, but this happens when i try to check pgp sig.
i imported keys from op.
C:\Users\main>gpg --verify
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256eda24dcf0b9fae606eb9811f74ddba69a3
287316950f3f02b3000b6b1c02b65f bitcoin-0.13.2-aarch64-linux-gnu.tar.gz3c460784d
3ab64645d48389c467336a38da473706a69f22f39cfcce5e0f33780 bitcoin-0.13.2-arm-linu
x-gnueabihf.tar.gz790e4c7ebf9f4a734d1d2b6bb5e9f5fb3f613f6f93da30fd1420c5b4115dd7
2f bitcoin-0.13.2-i686-pc-linux-gnu.tar.gz8037b25310966127c589eb419534d7763ad62
c2c29b94e0a37a5c5f5d96f541a bitcoin-0.13.2-osx64.tar.gzdac105b49c159a3d8c9463d1
f05afe4cf29ec40bbd145e8961132693b7eff953 bitcoin-0.13.2-osx.dmg621201189c0409cb
17a5073278872dcdcfff1ea147ead6958b55e94416b896d7 bitcoin-0.13.2.tar.gz27c4be7f5
71050f6c361e44ca70553d4d2b555b69d568306b676734100d929e1 bitcoin-0.13.2-win32-se
tup.exe4d1c26675088219d8e2204b5a9f028916d5982db860298a70b6ed08e30af2a53 bitcoin
-0.13.2-win32.zip8960defc12287dd9248b99bab02a0854c072e6a3850757036c585cbd628217b
f bitcoin-0.13.2-win64-setup.exee07ce2a8cc0913fb253a42073fd3b94921da7f916366dd0
534f3b24cad7a733e bitcoin-0.13.2-win64.zip29215a7fe7430224da52fc257686d2d387546
eb8acd573a949128696e8761149 bitcoin-0.13.2-x86_64-linux-gnu.tar.gz-----BEGIN PG
P SIGNATURE-----Version: GnuPG v1.4.11 (GNU/Linux)iQIcBAEBCAAGBQJYa17rAAoJEJDIAZ
42wulk9CYQAILNYlO4D0yA0OL6MFVtIKeFJDPjxzNKe1YHzfVq/MQs/k7Evf+2AwqqRGWfNx5auWOzpR
kLSfr+p4EcHWaafimvehNrWzNpkFELsr26alfAAp4SpZk9pQaHVLQ5Yh8ajvzbBK0gPeZDEAGyyd5ifg
/bpvdDXIfdK5mWZa7XXGzrULW3bdutEfQ2t8VzTZWIUU5PP5aePhGY8AGuguGrap7rQsJrnAD66YQJWG
AkkpOJuj7rjlyldHP0km5sIwGZeEWKlsV0R+JpEvsn3NEuNb/LpzKAZ13rSohiZTWRF93ARta/gbP1RR
9WW2dZf/C3AjfZrHTcyMNw6iiLsLb13J9pHT2+RbyArfzoPyFoeVFq6E8alswRcXfO8+VBYTMSG/6S0N
WYHZejqdvbdLdMH+UtHAIMmtrGQ7SMhPhN8+0dELR4/pXnbFgwBnv6PndqpFwQJFptBn2hyNMgwrz0sd
LqP00iI0MaySJaGRtBGVxc6BDfA/KL/269g8p2mlhENGKk68iVMjrouufmTmQuILxKGBFRm2tGDntYVe
C5ozy9pU5nq2P9QxAHg0g/VUssdPySBCAQFkzVIAiDkQ9jlswGkPu8YcUVlrwiFduaxbM7vNiJgUBS8o
hZ3dlQ81Gql+ZgEgVGRM2f9jYoT3N8fAgWOkWT4vuKJM9Dp9OHvfct=194v-----END PGP SIGNATUR
E-----
^Z
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
C:\Users\main>
That is not how GPG verify works. You need to specify the path to the signature file, not the contents of that file. Your command should be something likei confirmed my sha256 hashes are correct, but this happens when i try to check pgp sig.
i imported keys from op.
C:\Users\main>gpg --verify
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256eda24dcf0b9fae606eb9811f74ddba69a3
287316950f3f02b3000b6b1c02b65f bitcoin-0.13.2-aarch64-linux-gnu.tar.gz3c460784d
3ab64645d48389c467336a38da473706a69f22f39cfcce5e0f33780 bitcoin-0.13.2-arm-linu
x-gnueabihf.tar.gz790e4c7ebf9f4a734d1d2b6bb5e9f5fb3f613f6f93da30fd1420c5b4115dd7
2f bitcoin-0.13.2-i686-pc-linux-gnu.tar.gz8037b25310966127c589eb419534d7763ad62
c2c29b94e0a37a5c5f5d96f541a bitcoin-0.13.2-osx64.tar.gzdac105b49c159a3d8c9463d1
f05afe4cf29ec40bbd145e8961132693b7eff953 bitcoin-0.13.2-osx.dmg621201189c0409cb
17a5073278872dcdcfff1ea147ead6958b55e94416b896d7 bitcoin-0.13.2.tar.gz27c4be7f5
71050f6c361e44ca70553d4d2b555b69d568306b676734100d929e1 bitcoin-0.13.2-win32-se
tup.exe4d1c26675088219d8e2204b5a9f028916d5982db860298a70b6ed08e30af2a53 bitcoin
-0.13.2-win32.zip8960defc12287dd9248b99bab02a0854c072e6a3850757036c585cbd628217b
f bitcoin-0.13.2-win64-setup.exee07ce2a8cc0913fb253a42073fd3b94921da7f916366dd0
534f3b24cad7a733e bitcoin-0.13.2-win64.zip29215a7fe7430224da52fc257686d2d387546
eb8acd573a949128696e8761149 bitcoin-0.13.2-x86_64-linux-gnu.tar.gz-----BEGIN PG
P SIGNATURE-----Version: GnuPG v1.4.11 (GNU/Linux)iQIcBAEBCAAGBQJYa17rAAoJEJDIAZ
42wulk9CYQAILNYlO4D0yA0OL6MFVtIKeFJDPjxzNKe1YHzfVq/MQs/k7Evf+2AwqqRGWfNx5auWOzpR
kLSfr+p4EcHWaafimvehNrWzNpkFELsr26alfAAp4SpZk9pQaHVLQ5Yh8ajvzbBK0gPeZDEAGyyd5ifg
/bpvdDXIfdK5mWZa7XXGzrULW3bdutEfQ2t8VzTZWIUU5PP5aePhGY8AGuguGrap7rQsJrnAD66YQJWG
AkkpOJuj7rjlyldHP0km5sIwGZeEWKlsV0R+JpEvsn3NEuNb/LpzKAZ13rSohiZTWRF93ARta/gbP1RR
9WW2dZf/C3AjfZrHTcyMNw6iiLsLb13J9pHT2+RbyArfzoPyFoeVFq6E8alswRcXfO8+VBYTMSG/6S0N
WYHZejqdvbdLdMH+UtHAIMmtrGQ7SMhPhN8+0dELR4/pXnbFgwBnv6PndqpFwQJFptBn2hyNMgwrz0sd
LqP00iI0MaySJaGRtBGVxc6BDfA/KL/269g8p2mlhENGKk68iVMjrouufmTmQuILxKGBFRm2tGDntYVe
C5ozy9pU5nq2P9QxAHg0g/VUssdPySBCAQFkzVIAiDkQ9jlswGkPu8YcUVlrwiFduaxbM7vNiJgUBS8o
hZ3dlQ81Gql+ZgEgVGRM2f9jYoT3N8fAgWOkWT4vuKJM9Dp9OHvfct=194v-----END PGP SIGNATUR
E-----
^Z
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
C:\Users\main>
Code:
gpg --verify SHA256SUMS.asc
The official binaries includes zip versions which do not need to be installed and can be run on any computer provided that it runs the right OS. You can just set it up with a shortcut or something to have the datadir point to your USb drive.
Thanks for the info - I'll give it a go (and will back up my wallet.dat etc etc)
Regards,
Slightly off topic, my PortableApps version of the BitCoin Wallet crashed the night before last with a window telling me to update to the latest version (so, it's on topic concerning the latest version and upgrading same) I've made appeals on BCT in the past to have the PA version of BitCoin Wallet updated but they have fallen on deaf ears.
So, in light of this thread and my BTC Wallet crashing solely because it needs to be upgraded, can someone cast their eyes on this: http://portableapps.com/search/node/bitcoin
Thanks.
The official binaries includes zip versions which do not need to be installed and can be run on any computer provided that it runs the right OS. You can just set it up with a shortcut or something to have the datadir point to your USb drive. So, in light of this thread and my BTC Wallet crashing solely because it needs to be upgraded, can someone cast their eyes on this: http://portableapps.com/search/node/bitcoin
Thanks.
Slightly off topic, my PortableApps version of the BitCoin Wallet crashed the night before last with a window telling me to update to the latest version (so, it's on topic concerning the latest version and upgrading same) I've made appeals on BCT in the past to have the PA version of BitCoin Wallet updated but they have fallen on deaf ears.
So, in light of this thread and my BTC Wallet crashing solely because it needs to be upgraded, can someone cast their eyes on this: http://portableapps.com/search/node/bitcoin
Thanks.
So, in light of this thread and my BTC Wallet crashing solely because it needs to be upgraded, can someone cast their eyes on this: http://portableapps.com/search/node/bitcoin
Thanks.
How about release version 0.13.1 downloaded from bitcoin.org.
Does it have more stable security than the 0.13.0...
Do you even know what this thread is about? The security problem isn't inherent to the client itself, but rather due to potential state-sponsored attacks on websites from which users would normally download. If you compiled 0.13.0 yourself, you would not have to deal with this risk. The same applies for 0.13.1, i.e. you should also verify the download.Does it have more stable security than the 0.13.0...
Thank you , that was what I meant , I just didn't clear my question...
How about release version 0.13.1 downloaded from bitcoin.org.
Does it have more stable security than the 0.13.0...
Do you even know what this thread is about? The security problem isn't inherent to the client itself, but rather due to potential state-sponsored attacks on websites from which users would normally download. If you compiled 0.13.0 yourself, you would not have to deal with this risk. The same applies for 0.13.1, i.e. you should also verify the download. Does it have more stable security than the 0.13.0...
How about release version 0.13.1 downloaded from bitcoin.org.
Does it have more stable security than the 0.13.0...
Does it have more stable security than the 0.13.0...
does this update require resyncing the blockchain?
No. It can and will use any previously downloaded data and your previously used wallets as it did before.cheers
does this update require resyncing the blockchain?
No. It can and will use any previously downloaded data and your previously used wallets as it did before.
does this update require resyncing the blockchain?
i have a question, do I need to download the entire blockchain file in order to receive my btc into my bitcoin core wallet?
You can receive regardless of your sync state. However, if you want to be able to see and spend the Bitcoin, you will need to be synced. You can enable pruning so that the blockchain doesn't take up as much space. 
i have a question, do I need to download the entire blockchain file in order to receive my btc into my bitcoin core wallet?
I have just downlloaded bitcoin core version 0.13.0 from bitcoin.org .is it good software?
Yes?
However how do I actually check the .dmg file that contains the installer is the right one?
If I run:
I get:
That's because the files themselves are not pgp signed and do not have any signatures.If I run:
Code:
gpg --verify bitcoin-0.13.0-osx.dmg
I get:
Code:
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
Greetings and thank you very much for this guide. I try to work best practices into as much of my computing as possible but using GPG has defeated my time/need/interest matrix for awhile.
What files do contain the signatures that we are supposed to be verifying? The OP's guide says,"Bitcoin developers and other interested people sign every release of Bitcoin Core using gitian." I thought this meant if I download a .sig file from the gitian page on GitHub, I could run 'gpg --verify' on the new program I downloaded from bitcoin.org to verify its authenticity.
After I've imported the public PGP keys & downloaded the assert.sig file from GitHub, when i run gpg --verify I get the following:
ninjasmurf$ gpg --verify /Users/ninjasmurf/Desktop/bitcoin-dmg-signer-build.assert\(1\).sig /Users/ninjasmurf/Desktop/bitcoin-0.13.0-osx64.tar.gz
gpg: Signature made Wed Oct 14 11:04:19 2015 EDT using RSA key ID 2346C9A6
gpg: BAD signature from "Wladimir J. van der Laan <[email protected]>" [unknown]
Why does this come back with a BAD signature?
Thanks in advance. Have a sweet day.
I'm not sure what I'm doing wrong, when i generate the hash it matches correct but then I tried verifying as below and got public key not found. I have imported the keys that were listed in OP, there were 5 i think
xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Can't check signature: public key not found
I feel like it is safe to use the binary because the hashes did match, is that the case? why have i not go the right public key?
Double check that you have imported the key with fingerprint 01EA5486DE18A882D4C2684590C8019E36C2E964. That's the release signing key.xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Can't check signature: public key not found
I feel like it is safe to use the binary because the hashes did match, is that the case? why have i not go the right public key?
Thanks for getting back to me, I must have done something wrong on importing the keys, I had missed that one somehow. Now I am getting this
xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964
I have a warning on the output now, is this something I should worry about?
Or can I now safely assume I have correct binary ?
Yes I have not personally trusted the key yet. this is a bit new to me but I intend to devote some more of my time to understanding it better as I agree that it is important to verify the download. Up until now I have usually just downloaded it and started using it right away without verifying anything.
Thanks for your help
Jump to: