This thread presents basic steps to do verifications. For more details, please read more sources.
There are so many bad guys around, and there are so many phishing sites on which you can see and download dangerous faked cryptocurrency wallets. If you get trapped by faked wallets, I am sure that your funds will be stolen. It's just a matter of time that how long bad guys will steal your fund after you installing and storing your fund in faked wallets.
Days ago, the news about
the compromise on Monero site gives me a reminder to make the thread for newbies. Honestly, it is a very good opportunity for me to learn more about verification. Previously, I only knew and did verification for Electrum wallet. Now, when I made this thread, I have read more sources, from Bitcoin Core to Dash, and Monero; and I definitely and fortunately learned more valuable things.
This is another lesson for newbies: Learn first to improve; then help others. From progress to learn and help, you will become more knowledgeable; then you will be more safely in crypto.
Why do you have to verify wallets before using them as storage of your fund?
"Prevention is better than cure".
Basic steps:You should verify three steps. More things to do if you want (if yes, read more in mentioned sources).
- Hash values
- Developers' public keys
- Verify the installer signature.
- All things you use to verify, get them by yourself. Don't trust what I quoted below
Download
gpg4win software at
https://www.gpg4win.org/After downloading, checking integrity (verify) the downloaded file first.
Yes, you must verify first, don't trust even you download GPG4win from its official website. It is very terrible for you to download a phishing gpg4win software to verify any cryptocurrency wallets.
You can see how to install gpg4win software
Verify binaries on Windows (beginner), hereThe full guide is here:
https://www.gpg4win.org/package-integrity.htmlThere are 5 methods to do that. I would like to recommend you to read the section: Download and Install Gpg4win:
Get it SHA1 hash value here:
https://www.gpg4win.org/package-integrity.htmlCopy and paste the hash value you get from the Command prompt to using Find on that page to compare your hash value with the one provides on official site of gpg42win.
They are matched so I download a legit GPG4win software.
In addition, you can use the Windows PowerShell (Admin) - for Windows 10 - instead of the Command prompt.
ElectrumDownload it at:
https://electrum.org/#downloadSignature: get it here
https://download.electrum.org/3.3.8/electrum-3.3.8-setup.exe.asc-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZpTY3nvo7lYxvtlQK9WCS3+UcOYFAl0nRwYACgkQK9WCS3+U
cOZ3/w/8Cby13TYcHWY4j12p/hKZqaGA7lPpma1dtcWriCMEdJMy5Nqb6nwQEQQn
fM6ZXSqaDwR7W5M2iaWB5iU+dHRPIs7uctsuP0BgK0mep1yduMQxOtxuDyq5dj/g
GY6jYkFUD4GvrLH4vvOWYGmWZ7oeb9J3ogkgjcHoDIWwOTz+5w2UefTTpsjfo4/s
Y/lxDM778BV9BGF6GC/Mmpmsv8tF0brRT1T3aku91ARPRBSq0Y78/wjKB4ajq8y4
vArX4ZifqXWlURGwu8NiwnUK4Icg/uxa25DBsHC09Bd1X14j0MzPQZW2QRNjeWJe
Yf1NWLG4BqZRc1FKdU285wvZAm8t33lB7XOJFKxdUuiI3LJM2J10CCYMoDv2P+dp
lRq4aIvB1vNFQTHhkmH8y1OF48LpKqZ6BIwRqMzpOWTAv0hCQBsW5ao4hGY+etgk
StkxZizzc7r8WJkpeYzII6mebhfjiG/ImYeqTVrhdoG9S3R7o+mLTmp2xlChOFb4
GQgoEryQxi9vOvmMmDjOH1NCvwvKMpxQMgp6mlD/aORroDVv7vv5wxqC/EEvRA23
pVhvWJvjPEX0sKv6EKJB3b/8Ny24mOIPt2DHDZcl465jPrwHwoESOLR85mWcYUF0
6k/g2ZvWO4u0suRUyBPyTeuHsXvoPdTlylWu6/qOT9N8pKvagjk=
=8Eq5
-----END PGP SIGNATURE-----
Search dev key ID on MIThttps://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6Electrum dev: 0x2BD5824B7F9470E6
Pub keys of developersThomasV's public keys-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBE34z9wBEACT31iv9i8Jx/6MhywWmytSGWojS7aJwGiH/wlHQcjeleGnW8HF
Z8R73ICgvpcWM2mfx0R/YIzRIbbT+E2PJ+iTw0BTGU7irRKrdLXReH130K3bDg05
+DaYFf0qY/t/e4WDXRVnr8L28hRQ4/9SnvgNcUBzd0IDOUiicZvhkIm6TikL+xSr
5Gcn/PaJFS1VpbWklXaLfvci9l4fINL3vMyLiV/75b1laSP5LPEvbfd7W9T6HeCX
63epTHmGBmB4ycGqkwOgq6NxxaLHxRWlfylRXRWpI/9B66x8vOUd70jjjyqG+mhQ
+1+qfydeSW3R6Dr2vzDyDrBXbdVMTL2VFXqNG03FYcv191H7zJgPlJGyaO4IZxj+
+O8LaoJuFqAr8/+NX4K4UfWPvcrJ2i+eUkbkDJHo4GQK712/DtSLAA+YGeIF9HAn
zKvaMkZDMwY8z3gBSE/jMV2IcONvpUUOFPQgTmCvlJZAFTPeLTDv+HX8GfhmjAJY
T5rTcvyPEkoq9fWhQiFp5HRpYrD36yLVrpznh2Mx7B1Iy8Rq/7avadwVn87C6scJ
ouPu+0PF3IeVmYfCScbfxtx1FaEczm8wGBlaB/jkDEhx0RR8PYKKTIEM7T2LH2p6
s/+Ei4V7mqkcveF/DPnScMPBprJwuoGNFdx2qKmgCKLycWlSnwec+hdyTwARAQAB
tBlUaG9tYXNWIDx0aG9tYXN2MUBnbXguZGU+iQI4BBMBAgAiBQJN+M/cAhsDBgsJ
CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAr1YJLf5Rw5hlhD/9T4I/sBCleS9nH
njTJqcOnG28c9C3CRYIizjEui/pKmXz9fB1N9QrCaruPUQx2UacDVCl6dKxac+7s
s3/a6lsjaRn0/2OM/sCVLScyxNPNPQs2b6jkodSNPIM8zv51g+flhwtfrO6h6B4j
IhZgSjFdvqtZd5jaly9rA0uMX045CC4K6HGnq8n4F2p31z0L0LaHBf5EcsCM0MMp
QVkY0aUrNg9uVMGXBHn3osHnOtQaODqcIbpa/OG+Tlt6pVOiDJ7i8TkpQKT7sOaM
VdL//TEoDIOC7qVCN82q2q/gtiBXbziaERVs/eU0O52aX5qUhXu3VIjXTp/riRim
R/f9BPB1dgDZbF2aPZ/rJm26v82ft7gP1Sf52E9MrAaZATTfI0/TUHXeBzN93EA9
xb6/ENAMTX74u+NjlynWPD+hl64eBzJ2ionZF1bJFTgBkMfRYnhllvleCjcq9YfX
md5HKCwtxfygBIujUQSwyUzn0f5DbVCJ7/B19bKdvHGSSBgBEjxqXWQskm2wc0In
ww63goZAGDQliKhIT8xnwOBbLkqSobq4tD9zpQyxvMA2rhy7/gfFRp7TTak7MZHf
lTJ37S5LvcWHm/ccWUZDUN7akoEDc+m6jX3uIEPMD3PQvcHhWv0amco3zDr1qb/+
rXM7TJKd7DPX0E2dRzKu6aYRMTbklbQhVGhvbWFzIFZvZWd0bGluIDx0aG9tYXN2
MUBnbXguZGU+iQI4BBMBAgAiBQJTQDaRAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIe
AQIXgAAKCRAr1YJLf5Rw5hOBD/9o/NqHLvjhrCfy6/SblSC/udV9ujFnvhZZZprb
r8Oe6GdMwfw+ktZd2nYb09KjxXYmGoZeZKmvCb0LoMKSVWgisH1rgzDzI6UzFL4b
pV2+PqCSiWaekfnBm+oHbGgJCuAXebGXjVL8JsvhAl0HQZzTA1RX0u8TEAHOxOI5
l+mXSN+cwVZuDMpt5v+JDyPGHM/KqaXCw1WJY50mqlan6/15XHilmvY/CaxmbXNH
ZOXucmPxyCTeiQTqyhHsIBb4RxWYCaUXv9+svriotv2HZpQ110NN09ml1K1kDlNL
Zh3jNqMsbImFArbN8GikjqhRBV3K77Np4lccnsBPllQMqqQULG7UshcQTatkmTMb
j2TQ0oQWEZt0uJmnmxgz18ijs6m2fJZhlH0QYVYOwUvK6GfAFluHwOZHIXonv8Ck
uTW+P90lOB/9ZnREZeYb2wlvV6fCTMHxptIbT31kbLTzu4KEI6+ShQXT+YAKiC5S
JC9heheaeApH3wcLiZJcCKYv6ubY+3Uf/EoXcqWywwpS/nWkSpMSYjq+V9xCcGHI
MZ4vZkiZ6OS5Mu739rgGfP7Yi3pqUYLIpUa5QiNOMEhPtWbj/oH5ldaZowwgZ4MK
2Mzxex8IhFppPtZgqJfu9NZQLICpxcd2hUe3XWvB+jcvboZ1p7RO7ax3Vo9zy1fy
YEFML7Q9VGhvbWFzIFZvZWd0bGluIChodHRwczovL2VsZWN0cnVtLm9yZykgPHRo
b21hc3ZAZWxlY3RydW0ub3JnPokCOAQTAQIAIgUCVMYFygIbAwYLCQgHAwIGFQgC
CQoLBBYCAwECHgECF4AACgkQK9WCS3+UcOZ7BQ//VJuRmM7kQd5DcJS76BKpMtKt
gUNV3hi2h8kNGtkIeKhpeiK+PeweFJCb0nQDiEYsg5Xd/l5ZwN34cqlhgaQ8uWBY
rmNnSYGECLrxejx6WTWHp2AtD9BXrj73HEox2abC0Bdky39aCTyuRhSzbFnV2unh
L7IarKqr5bat6ywFZWsOcaisEjWXlTSD/hYqnkRX8vnBZRnRgHyi1yOvHsXGFB3x
O+P7JUb4E7BVzVRDJzMgcBhY5vTZ4Mnc8eIplNVI1TaF2hmhmnezvRF6XNYV1Ew9
t2/HE85+DqIBikUWYPTTxJiWUOwxXP9dVOEmNTcAgVThvMN7W+WoF7//qcNKmbPI
DyGU5xb/MLNrM+MWfavtkHNqcY0+cFf27z4mOxd2eEMDVxN/Fhq0HipugMEawaZ0
G9xsF/rZBzKgpu7+SvqRqxUn36vNz59vDlBYEXSng6nJobUdNb6iHo/rpZ6ZYHKx
mzrK5ROpmKs6zpPTOn8Hw29jxx07auzEIVEa8hzZaiqTfwI9yBwzhFQwNxmNaKRE
adxosvU1VyTvaEVmMmTx227MF1qhwq9yrSXtmKZJGiHRzyL4B4vAGrf9uK9GwzS2
TlyksRdjapw6Cqp8sUB2PUzHqYNWs0wSsZuxwVt6JSD4N8vpYTTF00LONKe2oLhj
GNxpH+BV3SqMHXQl9Ki5Ag0ETfjP3AEQAL5LYJiX5S4PG891TMihejh5KVgc36/R
zgWYJkE26K855t+WdAa6spHKR1RmpTTsnaTXaC/bNxJZq+0vi9GKlw94twEueu0v
Cniinpy6AFeydveCi+qdr5XQ4hx1DY11kntGBL2wMOtrZ4oAeFnntHYcAMYaMBY5
p8gd3WVR2dgIvpOcezQBLwhoMHnN6A+JEQ27ZHcolwDO9ic+t4YAtl552DP1xKbc
T4D1JD0J6W6FbUJElOXReSjNGCuSLZZTsCzMg0P6RHwWUKtDvRKrK/M3Nh/L2EsW
5mAQnYps6a+hyVkVd9kLsogtHPE4xv33pzbDB5Yj+2zqdjYUqO/ODfkP+HjNRvyj
uHL6W3bjU6FnuJQXX4llskls4hlKDPawa3cuWnsdafouAZOxWwBlGysRZ7BaHOFE
TOlAeUN1EYfFrckcfkYzTX7NDA0S99aX730z/c9XrnqM52OO9LrSFRnYZ+K3M8z2
FFvo9/ZtqqTDH0/oH+ay0CwtowSovZUoljAQ8zmmi8CtPDFHg4srae8YxW4fetn7
QtP6rOVRwQCyP12LztC7oYGOectU5G9GkVDubNW48Vuex0/upP9RORjKN8atBroS
cmomR5hShxmgdJBy4I/TDkVFbZq/hRPSTAHgnciEC67TYhszzXP3nTn5/Ah0wCGC
d3HfiNX6G7MdABEBAAGJAh8EGAECAAkFAk34z9wCGwwACgkQK9WCS3+UcOaJRA//
dLHRBjeAkNbRsY5GNTWUZzXr3VC5vNqpwpP9rK4QTAmpl3iU5F+wsgMG78iS2XOV
+ijZA8KvishletQJoNMxS1PU4sA4Y34hYb61ptHs+PmwNpcdgjAX+mCh9xQ0816G
yIaXtxtxacJJW3K07fqKIkJjISPOyTLSd+wl1LtRE2fA67pMmpMHG8t+RPq1dp/e
3qp6L7jc6X3U+bn2m7u2cgEVbuAnSaKGoMSMnsd71Ltf1b6/DwvZz/HBttEgcgSm
PleHUVyBD4LDrcjTDK7zdEMw7b/cPBnu6CmTcogFEqvB4n9Yodo+4ij7AndUTz4J
j1p8vFlnHvhRg82MDfGUPJ+ujBjbYXROs+WAmaCQ8TgjZ3dAFNFrOqAbYu6QlY2x
fu7vj+ruc6ArdmBrOlsJFmNsxFRJfgdUug5JFIUN77GbjisHjWem8cY3szuyEke8
H2pi803CAuVtkaoNmNDHsEBieft34Zo0V+A/q2wkix3S9vyRjOKqhGrW30qxnV6Z
FexueWuO3qOQ0ZU5/TIH0kft2n45/RexeBq/Ip52zE1vEvTkQmBCfCGZmqTu+9Ro
8qsjecxVNxyVPlwhlimryiQ+dPaJYaOSfiwEEMh2MyV5c6t6qN9n6jFdiCLOlmmH
ZFA8xDodsofQEmlv+I/xyEZ7na6nxbpZVuPC3B0JFtY=
=sUYl
-----END PGP PUBLIC KEY BLOCK-----
Get it hash fileKey pair and verifyYou have to enter paraphrase
Import key:Linux:
Windows
https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-windows/
MacOs
https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-mac/
Check fingerprints from third-partieshttps://www.youtube.com/watch?v=hjYCXOyDy7YWeb of Trust:
https://en.wikipedia.org/wiki/Web_of_trust
DASHDownload wallet here:
https://www.dash.org/downloads and you can also see hash file for Dash Core or Dash Electrum.
Then you can directly use the site:
https://keybase.io/verify to verify hash file of Dash Core, for example
7058b28f5b1028caa862c8a29e34a683f8abacfa6ddd50caf37cb1d1f21ef1dd dashcore-0.14.0.3-aarch64-linux-gnu.tar.gz
37c96f2bf56bef55d5acc980a6ae96c1b6dfc6ad29b4c985f1b3392a9f9ac4bb dashcore-0.14.0.3-arm-linux-gnueabihf.tar.gz
3859e654526bc7171dc613c0de1867b710220feae754d6d58792ef8a37452768 dashcore-0.14.0.3-i686-pc-linux-gnu.tar.gz
8ad9de5ad2a428fff9a1b71e6b711ac0e8132069706902431c4c51bcd5171153 dashcore-0.14.0.3-osx64.tar.gz
8460c124dd2a1943b629ea9c40e99b5e510831edce9e8f6644e3096aa01fac01 dashcore-0.14.0.3-osx.dmg
4743a15824cd0a81d72922ed9318a6de5cba62964a608ae772de578274226751 dashcore-0.14.0.3-osx-unsigned.dmg
65060ea4a38b55e7f1298997be40abab1277b5ffba0e6cf7358d40e49b3f05b8 dashcore-0.14.0.3.tar.gz
adb078691090b62e331d2eb8f2841de2e837f27b6ce8dcfef107cb9682222bd2 dashcore-0.14.0.3-win32-setup.exe
032cb5cec4f09b1a30934ed17fb3bee3b68c73b5b64f93a86fa3cf2605273889 dashcore-0.14.0.3-win32-setup-unsigned.exe
57ae3e71105dfca31a07011c24b849cf616b4ead4491f0f089a04c69f9f023b3 dashcore-0.14.0.3-win32.zip
87a0af9daeb05d33be4e2cb675cb296ab7b6745079c9e65ec79850e31ac0df2f dashcore-0.14.0.3-win64-setup.exe
8783145bcb0439c4ead82f1106978e349e180ee852246897e8aca84201d2aba1 dashcore-0.14.0.3-win64-setup-unsigned.exe
0c3fe9a3658f4b676596154b085793fe6674f4d2c5c6015146f8bcedc883e25a dashcore-0.14.0.3-win64.zip
28d45537e1c982967075742f9f6ff631d6de72d075091d53ff039ed8919714ba dashcore-0.14.0.3-x86_64-linux-gnu.tar.gz
Copy and paste above code (that you get in the SHA256SUMS.asc file) to the box and click verify. If you download a legit wallet, the result will be shown as "Signed by codablock". Click on the name to see who is codablock at
https://keybase.io/codablockYou can do this on GPG4win after importing codablock's key too.
There you go: GPG verification results I get by clicking on dashcore-0.14.0.3-osx.dmg.asc (assuming you have GPG Tools installed and codablock's key imported into it already) on top of Downloads with the binary itself and this signature file on top of Github releases page with both these files lilsted
Dash Github's TagsCredits to qwizzie and UdjinM6: You can read more details of unofficial guides from two users
here
MoneroFollow the guide below to verify both hash file and binary file.
Sources:https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-windows/https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-mac/http://www.differencebetween.net/technology/software-technology/difference-between-pgp-and-gpg/Verifying Bitcoin Core (theymos). I don't use Bitcoin Core but if you use it, you know what to do: Verify first, don't trust.