Verifying Bitcoin Core

[theymos]

It is important to verify the integrity of Bitcoin Core before running it. Depending on how you downloaded it, it may have been modified in transit to do something evil when run. The server hosting the download may also have been compromised.

Even if all of your favorite Bitcoin websites are yelling at you to immediately download something lest you lose all of your coins, you should NEVER run Bitcoin Core software without verifying it first.

Easy way 1

Final Windows and Mac installers are digitally signed by The Bitcoin Foundation. (Note that The Bitcoin Foundation is not actually strongly associated with Bitcoin development -- it is just convenient for them to sign the releases.) On Windows, you can check this by right clicking the installer, choosing properties, and then going to the Digital Signatures tab. Check that it is signed by The Bitcoin Foundation, Inc..

Prerelease versions are generally not signed.

Easy way 2

Get the sha256 hash of the Bitcoin Core release you downloaded. On Linux, you can run, for example, sha256sum bitcoin-0.16.3-x86_64-linux-gnu.tar.gz. On Windows you can run (at a command prompt) certUtil -hashfile bitcoin-0.16.3-win32.zip SHA256. On Mac OS X, you can run shasum -a 256 bitcoin-0.16.3-osx.dmg.

The hashes of the most recent release and prerelease versions are below. Hashes for older versions are available here (SHA256SUMS.asc under each version is a text file that can be opened with any text editor). Simply verifying the hashes of the Bitcoin Core release you downloaded against the appropriate hash in the list here will provide some extra security, but ideally you should also use OpenPGP software such as gpg to verify that the hashes were signed by someone you trust.

0.16.3

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

0768c6c15caffbaca6524824c9563b42c24f70633c681c2744649158aa3fd484  bitcoin-0.16.3-aarch64-linux-gnu.tar.gz
fb2818069854a6ad20ea03b28b55dbd35d8b1f7d453e90b83eace5d0098a2a87  bitcoin-0.16.3-arm-linux-gnueabihf.tar.gz
75a537844313b0a84bdb61ffcdc5c4ce19a738f7ddf71007cd2edf664efd7c37  bitcoin-0.16.3-i686-pc-linux-gnu.tar.gz
78c3bff3b619a19aed575961ea43cc9e142959218835cf51aede7f0b764fc25d  bitcoin-0.16.3-osx64.tar.gz
c67e382b05c26640d95d8dddd9f5203f7c5344f1e1bb1b0ce629e93882dbb416  bitcoin-0.16.3-osx.dmg
836eed97dfc79cff09f356e8fbd6a6ef2de840fb9ff20ebffb51ccffdb100218  bitcoin-0.16.3.tar.gz
1fe280a78b8796ca02824c6e49d7873ec71886722021871bdd489cbddc37b1f3  bitcoin-0.16.3-win32-setup.exe
e3d6a962a4c2cbbd4798f7257a0f85d54cec095e80d9b0f543f4c707b06c8839  bitcoin-0.16.3-win32.zip
bd48ec4b7e701b19f993098db70d69f2bdc03473d403db2438aca5e67a86e446  bitcoin-0.16.3-win64-setup.exe
52469c56222c1b5344065ef2d3ce6fc58ae42939a7b80643a7e3ee75ec237da9  bitcoin-0.16.3-win64.zip
5d422a9d544742bc0df12427383f9c2517433ce7b58cf672b9a9b17c2ef51e4f  bitcoin-0.16.3-x86_64-linux-gnu.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJboV68AAoJEJDIAZ42wulkrD0P/iULbLc7SRAXPPaQDxRV+nXO
bTOF3Ueti1hOY9/02drnfd5z2HNYuZGJvL4t5UuVrSM/KGPbwMNPq0MLoVqp0z91
yWCPTUdbjnvstJ5maFSZ3EHHrmKKR/8Ue6VVT1rDwZHTjKSUMli05QhRWsQsGgdp
gVrCId/572xJw9R7QGtcatoP1Y+LpDf3PGsfSn7YLzezvXMDjrgYAXaW/QYPbl5I
+vGSmNPhjnQpatVgg7OnLgyCAul7Rqq898MURpAboMC7qgbsINZ4UVha0IqFPWt9
HS9z84wtOsV69gDro5BpgtMSXjvjdTAOs9wq+VGgxfZf1K3kFZ6zVmrP/Ea/HJKV
WbIYNyvW/bnK/GA2gfciqmjAL0xjhWnCzBdrFSbIAHbfoHIOeSw2TSJ90Oiqb1ch
cgIWZpEzoteVtMEoSOhCiPFHEAYOO8DiBkqLUgc0CkkcXfffeQEO/OvqGOJe1zAo
O1sWR/na0d9qv4qVK/jNCKIHjtF24npdqgdDjyKdMOGBkS1pgSGwkH8Hd7cffJJm
LZswdRm2rEmchmqhVXwvYRlmU5nhAyb2GrW5g78DyTPbKCO+z7ejYfM7h6YQQHS3
Y1x/vMdf092djWF0jvr52WtbPfcYL9OCWgTB6LLlXhfPhqPUoiYzcFIO2obRwXR1
FZnWhOUcfsVHgmbN1g6b
=/Gqy
-----END PGP SIGNATURE-----

To verify the signatures, first install GPG. Then import the necessary PGP public keys (see below). Then get to a command prompt and do this:

Code:

gpg --verify
# Paste the signature here, like:
-----BEGIN PGP SIGNED MESSAGE-----
...
-----END PGP SIGNATURE-----
# Enter Ctrl-D (Linux) or Ctrl-Z (Windows) to signal the end
# You'll get something like this if the signature is OK:
gpg: Signature made 09/29/14 09:44:14 Central Daylight Time
using RSA key ID 2346C9A6
gpg: Good signature from "Wladimir J. van der Laan <...>"

Gitian signature verification

Bitcoin developers and other interested people sign every release of Bitcoin Core using gitian. To verify a downloaded version:

• Go to the gitian sigs page and choose the correct version. Versions that end in "rc1" are older prerelease versions of versions without any rc suffix. Choose the link that ends with "-win" for Windows, "-osx" for Mac OS X, or "-linux" for Linux.
• Once you're at the correct version, there are links for all of the different people who signed that release. Choose a few people who you trust. You will need their PGP public keys (see below).
• For each person, download the raw version of both files. With both files in the same directory, run gpg --verify *.assert.sig. Verify that the signature is OK.
• Open the .assert file in a text editor. This is a list of SHA-256 hashes for a bunch of files. You should verify that the Bitcoin Core download you're going to use exists in the "out_manifest" section and has a matching hash. In some cases, you may need to check several files if the out_manifest contains the contents of an archive that you downloaded. Note that Windows and OS X installers generally will not have matching hashes due to issues with embedded signatures in the installers -- use the zip/tar.gz releases instead.

Building gitian releases

You can personally build Bitcoin Core and check that it matches the official release. See here.

Note that the digitally signed installers cannot be verified in this way because you would need to know the private key of the digital signature signing key in order to reproduce the installer.

Common PGP keys

Here are a few PGP public keys that you might need. You can usually just paste the whole thing into a command prompt:
https://bitcointalk.org/verify_pubkeys.txt

If you're using the default trust model, and you've already created a key for yourself with gpg --gen-key, then you'll also want to locally sign these keys. Do that like this for each key-id, saying yes if it asks whether you want to sign all user IDs:

Code:

gpg --lsign 0x71A3B16735405025D447E8F274810B012346C9A6

With bash on Linux, this will lsign all of the public keys in that file:

Code:

for k in \
0x71A3B16735405025D447E8F274810B012346C9A6 \
0x01EA5486DE18A882D4C2684590C8019E36C2E964 \
0xDE47BC9E6D2DA6B02DC610B1AC859362B0413BFA \
0x5E6B3F3BA961193C5C9B4435C6555693DAB591E7 \
0xE463A93F5F3117EEDE6C7316BD02942421F4889F \
0x152812300785C96444D3334D17565732E08E5E41
do gpg --lsign $k
done

Note that it isn't the greatest to trust random pages on the Internet when importing keys. For example, a bitcointalk.org moderator could replace the above keys with different keys that are all under his control and then post an emergency "urgent upgrade required!" link somewhere pointing to wallet-stealing malware signed by the keys that he placed here. PGP has the concept of a "PGP Web of Trust" that people are theoretically supposed to use to prevent this sort of thing, but it's complicated and doesn't work very well, so pretty much no one actually uses it. If you're not already familiar with PGP, then it's best to just import and use these keys, which will at least protect you from attacks carried out in the future. But if you're serious about security, you should probably read a few guides on PGP and at least try to get verification from several different sites/people about a key's authenticity in the future. For example, many of these keys are also available on bitcoin.org. (All of the Bitcoin Core download/verification info has been republished on bitcointalk.org partly to provide some protection/redundancy in the case of bitcoin.org being compromised.)

[1714209946]

1714209946

[achow101]

Final Windows and Mac installers are digitally signed by The Bitcoin Foundation. (Note that The Bitcoin Foundation is not actually strongly associated with Bitcoin development -- it is just convenient for them to sign the releases.) On Windows, you can check this by right clicking the installer, choosing properties, and then going to the Digital Signatures tab. Check that it is signed by The Bitcoin Foundation, Inc..

Prerelease versions are generally not signed.

Actually they are. The signatures are included in detached form at https://github.com/bitcoin-core/bitcoin-detached-sigs. These are combined with the unsigned versions to create signed versions. This is done for every single version, including prereleases.

Note that the digitally signed installers cannot be verified in this way because you would need to know the private key of the digital signature signing key in order to reproduce the installer.

Same thing as above.

Also, for verifying gitian signatures, all of the keys used by everyone who has built gitian binaries is located at https://github.com/bitcoin/bitcoin/tree/master/contrib/gitian-keys

[Gumballinabattleaxeninja]

What I want to know is, what "State" is sponsoring this malicious attack? Is it China? The USA? I would imagine a collective of countries conversing on this and funding the attackers with Bitcoin, since fiat is so traceable nowadays.

[OmegaStarScream]

I was always wondering how people could sign those downloads ,thanks for the tutorial theymos 

The server hosting the download may also have been compromised

Are you speaking about scenarios that could happen ? or there is an actual threat going on, because I don't understand why It became suddenly important to verify signature while we didn't see such a thread in the past.

[bet4btc]

What about if i have Ubuntu with Bitcoin core in the PPA?  its auto updating it, i dont do anything manually beside clicking on Update 

[johnsmithx]

Even if all of your favorite Bitcoin websites are yelling at you to immediately download something lest you lose all of your coins,

That's an absolutely impossible assumption. I understand the OP was just trying to make a point but he chose a wrong example, or at the very least a very nonsensical wording. If any website or person ever claims that you have to download anything (or do anything in general) otherwise you lose your coins then they are either lying or retarded. Your coins are your coins and to keep them you don't have to do absolutely anything.

Now if any reader is that stupid that they would actually believe such a nonsense then they shall lose all their coins, they don't deserve to even use their computer. Stupid people are the worst danger to society, vast majority of all the suffering throughout the human history was caused by the human stupidity.

[Steampunk]

Are you speaking about scenarios that could happen ? or there is an actual threat going on, because I don't understand why It became suddenly important to verify signature while we didn't see such a thread in the past.

Wondering too.

[achow101]

Are you speaking about scenarios that could happen ? or there is an actual threat going on, because I don't understand why It became suddenly important to verify signature while we didn't see such a thread in the past.

Wondering too.

Cobra made an alert on bitcoin.org: https://bitcoin.org/en/alert/2016-08-17-binary-safety but no one knows why he did it and what he means by it. So right now now the assumption is that something nasty have been compromised, but there is no proof of any such compromise yet.

[TheKB]

Even if all of your favorite Bitcoin websites are yelling at you to immediately download something lest you lose all of your coins,

That's an absolutely impossible assumption. I understand the OP was just trying to make a point but he chose a wrong example, or at the very least a very nonsensical wording. If any website or person ever claims that you have to download anything (or do anything in general) otherwise you lose your coins then they are either lying or retarded. Your coins are your coins and to keep them you don't have to do absolutely anything.

Now if any reader is that stupid that they would actually believe such a nonsense then they shall lose all their coins, they don't deserve to even use their computer. Stupid people are the worst danger to society, vast majority of all the suffering throughout the human history was caused by the human stupidity.

you just referenced half a sentence and started bashing the OP with what you think. the point was to emphasize "you should NEVER run Bitcoin Core software without verifying it first" which you conveniently omitted altogether.

[LoyceV]

What about if i have Ubuntu with Bitcoin core in the PPA?  its auto updating it, i dont do anything manually beside clicking on Update 

You do the same for your core system: just click to update. It could even be set to auto-update.
If you can't trust the Bitcoin core in there, you can't trust the rest of your system. And if you can't trust the rest of your system, not only Bitcoin but also your online banking could be compromised.

So far I trust my operating system, and it's almost impossible for me to check if it's compromised anyway.

[alani123]

Thanks theymos. Verifying the integrity of software to run on people's machines should be a standard for everyone and I'm glad that it's being taken care so thoroughly by people associated with bitcoin development. Excellent security practices are always welcome, especially given that bitcoin's transactions were designed to be trustless.

[yayayo]

Thanks theymos. Verifying the integrity of software to run on people's machines should be a standard for everyone and I'm glad that it's being taken care so thoroughly by people associated with bitcoin development. Excellent security practices are always welcome, especially given that bitcoin's transactions were designed to be trustless.

Agreed. It's good to have a competent individual hosting the forum that cares about security. I think the importance of signature verification will increase as Bitcoin becomes more widely used. Because it is financial software that enables direct access to real value Bitcoin Core is a very attractive target for all kinds of hacking / fraudulent activity - with faked downloads being on the low end of the complexity range.

In addition to the activities of ordinary criminals, we should also be aware that government agencies are highly interested in tracking payments...

ya.ya.yo!

[Quickseller]

Are you speaking about scenarios that could happen ? or there is an actual threat going on, because I don't understand why It became suddenly important to verify signature while we didn't see such a thread in the past.

Wondering too.

Cobra made an alert on bitcoin.org: https://bitcoin.org/en/alert/2016-08-17-binary-safety but no one knows why he did it and what he means by it. So right now now the assumption is that something nasty have been compromised, but there is no proof of any such compromise yet.

Nothing has been compromised, at least the post does not indicate that anything has been compromised. The post seems to imply that something might get compromised in the near future, possibly by a state sponsored actor.

Someone suggested in the self-moderated thread that this was something to potentially discredit the Chinese miners in the future if they were to start to support a HF for a larger block size. I have no reason to trust cobra, and several reasons to distrust him, and cannot rule the above out.
 

[spazzdla]

Sweet!! Thanks this will be very useful.

[Timelord2067]

I've been revisiting PGP in recent times and was thinking the other day that I should import a few of the need to know PGP keys, so thanks for the heads up about the next update and the precautions a person should take.

Safety first.

BTW, I have discovered a glitch in KeyBase.Io public keys being incompatible with PGP and Kleopatra.

[SpiryGolden]

I am having a hard time to understand why 0.13.0 ? When next to release is 0.12.2 with Segwit Code. My guess is that 0.13.0 doesn't have public binaries and no yet compiled. How can a binary can be compromised in a way like that? I mean seriously they put a warning on a far in future code to be public that is under their control isn't it? This means the whole code can be compromised?

[theymos]

I am having a hard time to understand why 0.13.0 ? When next to release is 0.12.2 with Segwit Code. My guess is that 0.13.0 doesn't have public binaries and no yet compiled. How can a binary can be compromised in a way like that? I mean seriously they put a warning on a far in future code to be public that is under their control isn't it? This means the whole code can be compromised?

There's no flaw in 0.13.0 itself. The concern is that for the next major release, an attack might be attempted as everyone rushes to upgrade. If the Core devs had to do a non-SegWit 0.12.2 bugfix release, then the warning would apply equally to that.

[SpiryGolden]

I am having a hard time to understand why 0.13.0 ? When next to release is 0.12.2 with Segwit Code. My guess is that 0.13.0 doesn't have public binaries and no yet compiled. How can a binary can be compromised in a way like that? I mean seriously they put a warning on a far in future code to be public that is under their control isn't it? This means the whole code can be compromised?

There's no flaw in 0.13.0 itself. The concern is that for the next major release, an attack might be attempted as everyone rushes to upgrade. If the Core devs had to do a non-SegWit 0.12.2 bugfix release, then the warning would apply equally to that.

I understand, thanks for explanation. So that means between the dev and hosting server a MITM might happen? And that is the warning for, in order to learn people to be more vigilant. I am correct?

[CanaryInTheMine]

Get the sha256 hash of the Bitcoin Core release you downloaded. On Windows, this requires an extra tool such as HashTab.

The suggested HashTab tool is not useful on Windows.  If you get it and check the properties tab, the sha256 sum is not there.  Either additional instructions to enable it are required or a different tool should be suggested: (such as http://www.labtestproject.com/using_windows/step_by_step_using_sha256sum_on_windows_xp.html)

Otherwise, reddit and/or forum could get inundated with posts from windows users who will report that their windows system got a compromised 13th version when they download it.

[OmegaStarScream]

Note that it isn't the greatest to trust random pages on the Internet when importing keys. For example, a bitcointalk.org moderator could replace the above keys with different keys that are all under his control and then post an emergency "urgent upgrade required!" link somewhere pointing to wallet-stealing malware signed by the keys that he placed here.

You could simply sign a message with one of your known public addresses, if you are concerned that a forum moderater could change your post. Sign the whole post (if a signed message that long is possible) or else only sign a message with the PGP keys.

What would that change ? even If we quote him , moderators have the ability to delete our posts. (If not edit them as well - depends on the privileges theymos gave them)