Verifying Bitcoin Core

[achow101]

i have a question, do I need to download the entire blockchain file in order to receive my btc into my bitcoin core wallet?

You can receive regardless of your sync state. However, if you want to be able to see and spend the Bitcoin, you will need to be synced. You can enable pruning so that the blockchain doesn't take up as much space.

[1714102950]

1714102950

[FreshFund]

does this update require resyncing the blockchain?

[achow101]

does this update require resyncing the blockchain?

No. It can and will use any previously downloaded data and your previously used wallets as it did before.

[FreshFund]

does this update require resyncing the blockchain?

No. It can and will use any previously downloaded data and your previously used wallets as it did before.

cheers

[go6ooo1212]

How about release version 0.13.1 downloaded from bitcoin.org.
Does it have more stable security than the 0.13.0...

[Lauda]

How about release version 0.13.1 downloaded from bitcoin.org.
Does it have more stable security than the 0.13.0...

Do you even know what this thread is about? The security problem isn't inherent to the client itself, but rather due to potential state-sponsored attacks on websites from which users would normally download. If you compiled 0.13.0 yourself, you would not have to deal with this risk. The same applies for 0.13.1, i.e. you should also verify the download.

[go6ooo1212]

How about release version 0.13.1 downloaded from bitcoin.org.
Does it have more stable security than the 0.13.0...

Do you even know what this thread is about? The security problem isn't inherent to the client itself, but rather due to potential state-sponsored attacks on websites from which users would normally download. If you compiled 0.13.0 yourself, you would not have to deal with this risk. The same applies for 0.13.1, i.e. you should also verify the download.

Thank you , that was what I meant , I just didn't clear my question...

[Timelord2067]

Slightly off topic, my PortableApps version of the BitCoin Wallet crashed the night before last with a window telling me to update to the latest version (so, it's on topic concerning the latest version and upgrading same) I've made appeals on BCT in the past to have the PA version of BitCoin Wallet updated but they have fallen on deaf ears.

So, in light of this thread and my BTC Wallet crashing solely because it needs to be upgraded, can someone cast their eyes on this: http://portableapps.com/search/node/bitcoin

Thanks.

[achow101]

Slightly off topic, my PortableApps version of the BitCoin Wallet crashed the night before last with a window telling me to update to the latest version (so, it's on topic concerning the latest version and upgrading same) I've made appeals on BCT in the past to have the PA version of BitCoin Wallet updated but they have fallen on deaf ears.

So, in light of this thread and my BTC Wallet crashing solely because it needs to be upgraded, can someone cast their eyes on this: http://portableapps.com/search/node/bitcoin

Thanks.

The official binaries includes zip versions which do not need to be installed and can be run on any computer provided that it runs the right OS. You can just set it up with a shortcut or something to have the datadir point to your USb drive.

[Timelord2067]

The official binaries includes zip versions which do not need to be installed and can be run on any computer provided that it runs the right OS. You can just set it up with a shortcut or something to have the datadir point to your USb drive.

Thanks for the info - I'll give it a go (and will back up my wallet.dat etc etc)

Regards,

[achow101]

anyone know what im doing wrong with pgp?
i confirmed my sha256 hashes are correct, but this happens when i try to check pgp sig.
i imported keys from op.

C:\Users\main>gpg --verify
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256eda24dcf0b9fae606eb9811f74ddba69a3
287316950f3f02b3000b6b1c02b65f  bitcoin-0.13.2-aarch64-linux-gnu.tar.gz3c460784d
3ab64645d48389c467336a38da473706a69f22f39cfcce5e0f33780  bitcoin-0.13.2-arm-linu
x-gnueabihf.tar.gz790e4c7ebf9f4a734d1d2b6bb5e9f5fb3f613f6f93da30fd1420c5b4115dd7
2f  bitcoin-0.13.2-i686-pc-linux-gnu.tar.gz8037b25310966127c589eb419534d7763ad62
c2c29b94e0a37a5c5f5d96f541a  bitcoin-0.13.2-osx64.tar.gzdac105b49c159a3d8c9463d1
f05afe4cf29ec40bbd145e8961132693b7eff953  bitcoin-0.13.2-osx.dmg621201189c0409cb
17a5073278872dcdcfff1ea147ead6958b55e94416b896d7  bitcoin-0.13.2.tar.gz27c4be7f5
71050f6c361e44ca70553d4d2b555b69d568306b676734100d929e1  bitcoin-0.13.2-win32-se
tup.exe4d1c26675088219d8e2204b5a9f028916d5982db860298a70b6ed08e30af2a53  bitcoin
-0.13.2-win32.zip8960defc12287dd9248b99bab02a0854c072e6a3850757036c585cbd628217b
f  bitcoin-0.13.2-win64-setup.exee07ce2a8cc0913fb253a42073fd3b94921da7f916366dd0
534f3b24cad7a733e  bitcoin-0.13.2-win64.zip29215a7fe7430224da52fc257686d2d387546
eb8acd573a949128696e8761149  bitcoin-0.13.2-x86_64-linux-gnu.tar.gz-----BEGIN PG
P SIGNATURE-----Version: GnuPG v1.4.11 (GNU/Linux)iQIcBAEBCAAGBQJYa17rAAoJEJDIAZ
42wulk9CYQAILNYlO4D0yA0OL6MFVtIKeFJDPjxzNKe1YHzfVq/MQs/k7Evf+2AwqqRGWfNx5auWOzpR
kLSfr+p4EcHWaafimvehNrWzNpkFELsr26alfAAp4SpZk9pQaHVLQ5Yh8ajvzbBK0gPeZDEAGyyd5ifg
/bpvdDXIfdK5mWZa7XXGzrULW3bdutEfQ2t8VzTZWIUU5PP5aePhGY8AGuguGrap7rQsJrnAD66YQJWG
AkkpOJuj7rjlyldHP0km5sIwGZeEWKlsV0R+JpEvsn3NEuNb/LpzKAZ13rSohiZTWRF93ARta/gbP1RR
9WW2dZf/C3AjfZrHTcyMNw6iiLsLb13J9pHT2+RbyArfzoPyFoeVFq6E8alswRcXfO8+VBYTMSG/6S0N
WYHZejqdvbdLdMH+UtHAIMmtrGQ7SMhPhN8+0dELR4/pXnbFgwBnv6PndqpFwQJFptBn2hyNMgwrz0sd
LqP00iI0MaySJaGRtBGVxc6BDfA/KL/269g8p2mlhENGKk68iVMjrouufmTmQuILxKGBFRm2tGDntYVe
C5ozy9pU5nq2P9QxAHg0g/VUssdPySBCAQFkzVIAiDkQ9jlswGkPu8YcUVlrwiFduaxbM7vNiJgUBS8o
hZ3dlQ81Gql+ZgEgVGRM2f9jYoT3N8fAgWOkWT4vuKJM9Dp9OHvfct=194v-----END PGP SIGNATUR
E-----
^Z
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.

C:\Users\main>

That is not how GPG verify works. You need to specify the path to the signature file, not the contents of that file. Your command should be something like

Code:

gpg --verify SHA256SUMS.asc

[bones]

C:\Users\main\Desktop>gpg --verify 1.txt
gpg: Signature made 01/03/17 08:20:59 GMT Standard Time using RSA key ID 36C2E96
4
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release
signing key) <laanwj@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964

thanks, all looks good, thanks for your help.

[go6ooo1212]

I didn't get which version of GPG verifier to download. Would appreciate some help..

[OmegaStarScream]

I didn't get which version of GPG verifier to download. Would appreciate some help..

I'm personally using Gpg4win (Windows only) and I guess almost everyone else on the forums is using the same thing : https://www.gpg4win.org/ , If you don't know much on how to use it (beside verifying) then you could check this tutorial https://www.deepdotweb.com/2013/11/11/pgp-tutorial-for-newbs-gpg4win/

[go6ooo1212]

I didn't get which version of GPG verifier to download. Would appreciate some help..

I'm personally using Gpg4win (Windows only) and I guess almost everyone else on the forums is using the same thing : https://www.gpg4win.org/ , If you don't know much on how to use it (beside verifying) then you could check this tutorial https://www.deepdotweb.com/2013/11/11/pgp-tutorial-for-newbs-gpg4win/

Thank you , mate

[JClaww]

Thanks for this guide, very helpful!

[cici1995]

Good!Thanks this will be very useful.

[uchalkql]

why bitcoin.org doesn't show the output for sha256sum?
https://bitcoin.org/en/download

> sha256sum bitcoin-0.14.0-x86_64-linux-gnu.tar.gz
06e6ceeb687e784e9aaad45e9407c7eed5f7e9c9bbe44083179287f54f0f9f2b  bitcoin-0.14.0-x86_64-linux-gnu.tar.gz

how to verify?

I tried:
> gpg --verify SHA256SUMS.asc
gpg: Signature made Wed 08 Mar 2017 03:43:28 AM BRT using RSA key ID 36C2E964
gpg: Can't check signature: No public key

[uchalkql]

why bitcoin.org doesn't show the output for sha256sum?
https://bitcoin.org/en/download

> sha256sum bitcoin-0.14.0-x86_64-linux-gnu.tar.gz
06e6ceeb687e784e9aaad45e9407c7eed5f7e9c9bbe44083179287f54f0f9f2b  bitcoin-0.14.0-x86_64-linux-gnu.tar.gz

how to verify?

I tried:
> gpg --verify SHA256SUMS.asc
gpg: Signature made Wed 08 Mar 2017 03:43:28 AM BRT using RSA key ID 36C2E964
gpg: Can't check signature: No public key

I checked the output of sha256sum with the file provided by bitcoin.org and they match.
But shouldn't the site display the hash? I was just concerned with man in the middle attack. 

[Flanagan]

Lubuntu 16.10
When trying to verify signature for bitcoin-0.14.0-x86_64-linux-gnu.tar.gz using the Bitcoin Core Release Signing Keys downloaded from: https://bitcoin.org/en/download
i.e.:
https://bitcoin.org/laanwj-releases.asc

I GET the following, why Warning message?

gpg --verify
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

466adccf7352f06de35afc1627a3ea721764268ceaf08fa3641f9b47e7df091a  bitcoin-0.14.0-aarch64-linux-gnu.tar.gz
55957e2c35aa2ba836cbae7cbf945bcf489a46b243551b0f6fd86f60603032a6  bitcoin-0.14.0-arm-linux-gnueabihf.tar.gz
e4bb8b52acde07788dfcf024645fe291f0deca2b7172939fb2ddb8789fe56973  bitcoin-0.14.0-i686-pc-linux-gnu.tar.gz
e01e3cdd3c4138eccaf0c1267caa3bcdb6949ee63c1e396842b70f102fb4bcaf  bitcoin-0.14.0-osx64.tar.gz
50fea43935e93381552b6730444eed6bbe513637a785e1b864b0c5883729228c  bitcoin-0.14.0-osx.dmg
d743d4866a0d4c1457f81530c45258a8b6383d1cafc458eedcba8d01728a641e  bitcoin-0.14.0.tar.gz
95a030be5c1649023e3aa81d1cd9eabd4258f1b00f0fc51066d02126219705af  bitcoin-0.14.0-win32-setup.exe
864ef77b9b4812ec59adff04d44213a6039c66970a9ae31e8620997a8c1537bc  bitcoin-0.14.0-win32.zip
f260d52cf2fe91c4be99ed6fcf8aa0de669ff326c5da920b7ed3a3e2ec981e0a  bitcoin-0.14.0-win64-setup.exe
415693ed81cfc4960bbfcb815529003405aefbf839ef8fc901b0a2c4ef5317d0  bitcoin-0.14.0-win64.zip
06e6ceeb687e784e9aaad45e9407c7eed5f7e9c9bbe44083179287f54f0f9f2b  bitcoin-0.14.0-x86_64-linux-gnu.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJYv6gQAAoJEJDIAZ42wulk9e0P/0vAR1wxuQvHthS36w0LRDI4
7c3Go/2TPbgGo1PinMhobYeVWE+lfhb9scFGZQiCAvIoRhVsOB8KRN3BS0QDI5gS
iqZJPAl4dz/QtWOyYOv2hAp/hGzChnxoWmkhXmNp4R5y6oLAXOSAkJfGh7btkWBg
LL+tUnkQDcA10DlP3H3O+joxIFrqs9i3UVz5L1bf3M0YtCNOSzdEN7Pv3YwLrij9
dggZwqijTZksi+ouA/ibPni0IWX4sEPs2w/D3lVMQsXc+CdLu/wJByGENg9Gy8VS
1jhGL6PQgbR1SoCvSZ0Je3BDllXpkzzsIUNna56v5+5OXHr9GMrlr7E4qINz6Sl4
LrdEwqZ0Kw1yzs8MlDnTEmH4RGX56cvBjEznFomKmoQUKZKLdzAl5HZWrp6s4HXn
YpstVVCSC615Wm7H2Wd1FrBDU/lq0gHy/w7TNdkLzLIQcJkylo1YzYNkR5Av1Sfd
4prZOVt0LdBgHClObAknByHV92qG6WYn/uXCRUu1MQjWPiI6CjcbEpIAMhxYrM43
1bujklpAXCLudhQ/ShB55SJtKsQ+vcwuAWI+5w/s46k89qUObjBJl5PsvW86kfJQ
GHfLbaeEP4SDGl16YKD6D4MjE/Qkp9reGSij+Sadft5jyJkJEgS9zgiKzD+zXBOA
Df25YpP5jfRJb9xHOUQl
=PU5A
-----END PGP SIGNATURE-----
gpg: Signature made mié 08 mar 2017 07:43:28 CET
gpg:                using RSA key 90C8019E36C2E964
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964


EDIT (SOLVED)
Ok, this was replied in an earlier post by achow101:
"You can assume you have the correct binary because the signature is good. However, the warning means that you personally have not trusted this key. Ideally you would meet up with Wladimir and he would show you his ID and his key fingerprint and prove to you that he is in control of the key. However, since that isn't likely to happen, you can check who else has signed his key, and if you trust them, you can set your own trust on his key."