Verifying Bitcoin Core

[Timelord2067]

Is there an issue if still using 0.12 core version.

No, there are no known problems with 0.12.1, and both the most recent major version and the previous major version are officially supported. So 0.12 will be supported until 0.14 comes out.

I recommend waiting a few months to upgrade on sensitive systems just in case any bugs are found.

Will a future version prevent an older version from connecting at some later point in time?

I have a PortableApps BitCoin Wallet that I try to play catch up with the block chain, but that Wallet version for PA hasn't been updated in quite a while.  (and unless the NBN comes to my area soon (and is affordable as well) I won't be able to have a local copy of the block chain anytime soon...)

[1714952923]

1714952923

[1714952923]

1714952923

[1714952923]

1714952923

[1714952923]

1714952923

[1714952923]

1714952923

[achow101]

Is there an issue if still using 0.12 core version.

No, there are no known problems with 0.12.1, and both the most recent major version and the previous major version are officially supported. So 0.12 will be supported until 0.14 comes out.

I recommend waiting a few months to upgrade on sensitive systems just in case any bugs are found.

Will a future version prevent an older version from connecting at some later point in time?

Probably not, but an older version will definitely not be able to connect to a future version at some point in time.

I have a PortableApps BitCoin Wallet that I try to play catch up with the block chain, but that Wallet version for PA hasn't been updated in quite a while.  (and unless the NBN comes to my area soon (and is affordable as well) I won't be able to have a local copy of the block chain anytime soon...)

It depends on the version of that wallet. I know for a fact that really old versions of Bitcoin are incompatible with the current network.

[theymos]

Will a future version prevent an older version from connecting at some later point in time?

Yes, but it's done very rarely. Versions as old as 0.3 can still connect to the network, though versions between 0.3 and 0.7 have a random chance of rejecting large blocks unless you add a special DB_CONFIG file to the data directory. (Those version numbers are from memory, and might be somewhat off.)

Except in case of some catastrophic network event such as an attack by the majority of miners, you should generally have at least 6 months of warning before a backward-incompatible change is made, and probably more like 12-24 months. The change which made versions older than 0.3 incapable of connecting to the network was done with 2 years of advance warning.

[Timelord2067]

Will a future version prevent an older version from connecting at some later point in time?

Yes, but it's done very rarely. Versions as old as 0.3 can still connect to the network, though versions between 0.3 and 0.7 have a random chance of rejecting large blocks unless you add a special DB_CONFIG file to the data directory. (Those version numbers are from memory, and might be somewhat off.)

Except in case of some catastrophic network event such as an attack by the majority of miners, you should generally have at least 6 months of warning before a backward-incompatible change is made, and probably more like 12-24 months. The change which made versions older than 0.3 incapable of connecting to the network was done with 2 years of advance warning.

Hey thanks for that - I'll be sure to update sooner than that - I've also exported private keys of my PortableApps wallet just in case it ever gave out on me.

[smileman]

in windows
Can a little more explanation
Step by Step

 

Hold down shift and right click on empty space next to the downloaded Bitcoin installer. Click "open command window here". In the box that comes up, type certUtil -hashfile bitcoin-0.13.0-win32.zip SHA256 (if the file you downloaded has a different name, use that name instead). Push enter. The hash will be printed. Between every two characters of the hash there will be a space, but you can ignore those spaces.

It's working

Big Thanks! 

[ERossin]

I have just downlloaded bitcoin core version 0.13.0 from bitcoin.org .is it good software?

[achow101]

I have just downlloaded bitcoin core version 0.13.0 from bitcoin.org .is it good software?

Yes it is good. Make sure you verify it by following the instructions in the OP.

[ERossin]

I have just downlloaded bitcoin core version 0.13.0 from bitcoin.org .is it good software?

Yes it is good. Make sure you verify it by following the instructions in the OP.

Thank you. just got your help for newbie.

[Goruno]

I also use bitcoin core ver 0.13.0. it runs smoothly .

[logocreator]

whats the benefit, or should i say changelog of v0.13 in short ?

[coin@coin]

That's because your file is wrong.

This line is incorrect:

Code:

54606c9a4fd32b826ceab4da9335d7a34a380859fa9495bf35a9e9c0dd9b6298  bitcoin-0.13.0-win64.2d61f88621301bbb00512376287f9df4568255f8b98bc10547dced96c8  bitcoin-0.13.0-x86_64-linux-gnu.tar.gz

It should really be these two lines:

Code:

54606c9a4fd32b826ceab4da9335d7a34a380859fa9495bf35a9e9c0dd9b6298  bitcoin-0.13.0-win64.zip
bcc1e42d61f88621301bbb00512376287f9df4568255f8b98bc10547dced96c8  bitcoin-0.13.0-x86_64-linux-gnu.tar.gz

That's because the files themselves are not pgp signed and do not have any signatures.


Yes that is all you need to trust that the .dmg is the right file.

Thanks for the help. I see were I went wrong now!

[poordeveloper]

whats the benefit, or should i say changelog of v0.13 in short ?

https://bitcoin.org/en/release/v0.13.0

[afbitcoins]

I'm not sure what I'm doing wrong, when i generate the hash it matches correct but then I tried verifying as below and got public key not found. I have imported the keys that were listed in OP, there were 5 i think

xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Can't check signature: public key not found


I feel like it is safe to use the binary because the hashes did match, is that the case? why have i not go the right public key?

[achow101]

I'm not sure what I'm doing wrong, when i generate the hash it matches correct but then I tried verifying as below and got public key not found. I have imported the keys that were listed in OP, there were 5 i think

xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Can't check signature: public key not found


I feel like it is safe to use the binary because the hashes did match, is that the case? why have i not go the right public key?

Double check that you have imported the key with fingerprint 01EA5486DE18A882D4C2684590C8019E36C2E964. That's the release signing key.

[afbitcoins]

I'm not sure what I'm doing wrong, when i generate the hash it matches correct but then I tried verifying as below and got public key not found. I have imported the keys that were listed in OP, there were 5 i think

xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Can't check signature: public key not found


I feel like it is safe to use the binary because the hashes did match, is that the case? why have i not go the right public key?

Double check that you have imported the key with fingerprint 01EA5486DE18A882D4C2684590C8019E36C2E964. That's the release signing key.

Thanks for getting back to me, I must have done something wrong on importing the keys, I had missed that one somehow. Now I am getting this

xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964

I have a warning on the output now, is this something I should worry about?
Or can I now safely assume I have correct binary ?

[achow101]

I'm not sure what I'm doing wrong, when i generate the hash it matches correct but then I tried verifying as below and got public key not found. I have imported the keys that were listed in OP, there were 5 i think

xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Can't check signature: public key not found


I feel like it is safe to use the binary because the hashes did match, is that the case? why have i not go the right public key?

Double check that you have imported the key with fingerprint 01EA5486DE18A882D4C2684590C8019E36C2E964. That's the release signing key.

Thanks for getting back to me, I must have done something wrong on importing the keys, I had missed that one somehow. Now I am getting this

xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964

I have a warning on the output now, is this something I should worry about?
Or can I now safely assume I have correct binary ?

You can assume you have the correct binary because the signature is good. However, the warning means that you personally have not trusted this key. Ideally you would meet up with Wladimir and he would show you his ID and his key fingerprint and prove to you that he is in control of the key. However, since that isn't likely to happen, you can check who else has signed his key, and if you trust them, you can set your own trust on his key.

[afbitcoins]

I'm not sure what I'm doing wrong, when i generate the hash it matches correct but then I tried verifying as below and got public key not found. I have imported the keys that were listed in OP, there were 5 i think

xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Can't check signature: public key not found


I feel like it is safe to use the binary because the hashes did match, is that the case? why have i not go the right public key?

Double check that you have imported the key with fingerprint 01EA5486DE18A882D4C2684590C8019E36C2E964. That's the release signing key.

Thanks for getting back to me, I must have done something wrong on importing the keys, I had missed that one somehow. Now I am getting this

xxxxxxxxxxx$ gpg --verify SHA256SUMS.asc
gpg: Signature made Tue 23 Aug 2016 16:23:26 CEST using RSA key ID 36C2E964
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964

I have a warning on the output now, is this something I should worry about?
Or can I now safely assume I have correct binary ?

You can assume you have the correct binary because the signature is good. However, the warning means that you personally have not trusted this key. Ideally you would meet up with Wladimir and he would show you his ID and his key fingerprint and prove to you that he is in control of the key. However, since that isn't likely to happen, you can check who else has signed his key, and if you trust them, you can set your own trust on his key.

Yes I have not personally trusted the key yet. this is a bit new to me but I intend to devote some more of my time to understanding it better as I agree that it is important to verify the download. Up until now I have usually just downloaded it and started using it right away without verifying anything.

Thanks for your help

[ninjasmurf]

However how do I actually check the .dmg file that contains the installer is the right one?

If I run:

Code:

gpg --verify bitcoin-0.13.0-osx.dmg

I get:

Code:

gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.

That's because the files themselves are not pgp signed and do not have any signatures.

Greetings and thank you very much for this guide. I try to work best practices into as much of my computing as possible but using GPG has defeated my time/need/interest matrix for awhile.

What files do contain the signatures that we are supposed to be verifying? The OP's guide says,"Bitcoin developers and other interested people sign every release of Bitcoin Core using gitian." I thought this meant if I download a .sig file from the gitian page on GitHub, I could run 'gpg --verify' on the new program I downloaded from bitcoin.org to verify its authenticity.

After I've imported the public PGP keys & downloaded the assert.sig file from GitHub, when i run gpg --verify I get the following:
ninjasmurf$ gpg --verify /Users/ninjasmurf/Desktop/bitcoin-dmg-signer-build.assert\(1\).sig  /Users/ninjasmurf/Desktop/bitcoin-0.13.0-osx64.tar.gz
gpg: Signature made Wed Oct 14 11:04:19 2015 EDT using RSA key ID 2346C9A6
gpg: BAD signature from "Wladimir J. van der Laan <laanwj@gmail.com>" [unknown]


Why does this come back with a BAD signature?
Thanks in advance. Have a sweet day.

[Steampunk]

I have just downlloaded bitcoin core version 0.13.0 from bitcoin.org .is it good software?

Yes?

[bitcoluck]

i have a question, do I need to download the entire blockchain file in order to receive my btc into my bitcoin core wallet?