Title: How to verify bitcoin binary with gpg pgp signature?
Post by: cosurgi on September 13, 2013, 09:16:30 AM

Hi,
This is constantly evolving, also I don't see any GPG signature to use on http://bitcoin.org/en/download so how do I verify this latest bitcoin binary? For example on https://litecoin.org/ I see a GPG signature which I can use to verify easily using these commands:

Code:
wget https://litecoin.org/downloads/linux/litecoin-0.8.4.1-linux.tar.xz

How is it done for bitcoin? Maybe it is even simpler for bitcoin, and I'm just blind. If it's not easier, then please could you fix the bitcoin binary download page?

Title: Re: How to verify bitcoin binary with gpg pgp signature?
Post by: gmaxwell on September 13, 2013, 09:27:13 AM

Quote:
How is it done for bitcoin? Maybe it is even simpler for bitcoin, and I'm just blind. If it's not easier, then please could you fix the bitcoin binary download page?

Time for new glasses: See "Verify release signatures" on http://bitcoin.org/en/download

Title: Re: How to verify bitcoin binary with gpg pgp signature?
Post by: dserrano5 on September 13, 2013, 09:34:07 AM

Code:
$ gpg --verify SHA256SUMS.asc

Title: Re: How to verify bitcoin binary with gpg pgp signature?
Post by: cosurgi on September 13, 2013, 09:37:40 AM

Quote:
Time for new glasses: See "Verify release signatures" on http://bitcoin.org/en/download

Thanks, indeed. Here's how I did that: copy-paste http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.5/SHA256SUMS.asc/view into some text file, in my case I called it bitcoin-0.8.5-linux.tar.gz.sig (I wish I could just use wget), then run this:

Code:
$ gpg --verify bitcoin-0.8.5-linux.tar.gz.sig

Looks OK. Then compare that with

Code:
$ sha256sum bitcoin-0.8.5-linux.tar.gz

So I think that with litecoin it is much simpler. Just look in my opening post - it was a three liner for litecoin. Here I must copy paste, manually download from website, and perform a comparison of sha256sum written in the text file (likely with grep & copy-paste). With litecoin it was just two times wget, and one gpg call.
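
Added example (not part of any post in this thread, and not the Bitcoin project's own script): the two steps described above, gpg verification of the clearsigned SHA256SUMS.asc followed by the sha256sum comparison, combined into one shell script. It assumes the signing key is already imported and that the sums file uses sha256sum's "digest, two spaces, file name" layout; the function names and the script name verify.sh are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the release signing key is
# already in the gpg keyring; SHA256SUMS.asc is clearsigned and holds
# "<64 hex digits>  <file name>" lines as written by sha256sum.
# Usage (verify.sh is a made-up name):
#   sh verify.sh SHA256SUMS.asc bitcoin-0.8.5-linux.tar.gz

# expected_hash SUMS_FILE NAME: print the digest listed for exactly NAME.
# Fails when NAME is missing or listed more than once.
expected_hash() {
    awk -v name="$2" '
        { f = $2; sub(/^\*/, "", f) }   # sha256sum marks binary mode with "*"
        f == name && length($1) == 64 { print tolower($1); n++ }
        END { exit (n == 1 ? 0 : 1) }
    ' "$1"
}

# hash_matches SUMS_FILE ARTIFACT: succeed only if ARTIFACT hashes to the
# digest listed under its base name.
hash_matches() {
    want=$(expected_hash "$1" "$(basename "$2")") || return 1
    have=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$want" = "$have" ]
}

# verify_release SUMS_ASC ARTIFACT: signature check first, hash check second.
verify_release() {
    signed=$(mktemp) || return 1
    # --decrypt on a clearsigned file verifies the signature and writes only
    # the text the signature covers, so lines pasted around the signed block
    # can never supply the digest.
    if gpg --batch --yes --output "$signed" --decrypt "$1" &&
       hash_matches "$signed" "$2"; then
        rm -f "$signed"; echo "OK: $2"; return 0
    fi
    rm -f "$signed"; echo "FAILED: $2" >&2; return 1
}

if [ "$#" -eq 2 ]; then verify_release "$1" "$2"; fi
```

gpg accepts a good signature from any key in the keyring it is given, so this check is only as strong as the set of keys imported there.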

Title: Re: How to verify bitcoin binary with gpg pgp signature?
Post by: dserrano5 on September 13, 2013, 09:59:23 AM

Quote:
So I think that with litecoin it is much simpler. Just look in my opening post - it was a three liner for litecoin. Here I must copy paste, manually download from website, and perform a comparison of sha256sum written in the text file (likely with grep & copy-paste). With litecoin it was just two times wget, and one gpg call.

With bitcoin you download bitcoin itself and the SHA256SUMS file. Then you gpg validate it and compare the hashes. It's only an additional call to sha256sum so no big deal.

Title: Re: How to verify bitcoin binary with gpg pgp signature?
Post by: cosurgi on September 13, 2013, 10:07:14 AM

Hmm, that "This key is not certified with a trusted signature!" is a little unnerving. OTOH I did trust this signature with my money, perhaps I should tell about this level of trust to gpg? This way all future signature checks will say something like: level of trust - all your bitcoins.
What do you think?

Title: Re: How to verify bitcoin binary with gpg pgp signature?
Post by: dserrano5 on September 13, 2013, 10:24:22 AM

Quote:
Hmm, that "This key is not certified with a trusted signature!" is a little unnerving. OTOH I did trust this signature with my money, perhaps I should tell about this level of trust to gpg? This way all future signature checks will say something like: level of trust - all your bitcoins.

That is related to the GPG WoT and has nothing to do with bitcoin.