req: howto verify bitcoin archive authenticity

[osmosis]

If someone would like to link to or share a howto for verifying the authenticity of the bitcoin tar.gz file after download, that would be helpful. Replacing the binaries that get downloaded seems like an obvious attack vector, and I dont know anything about sourceforge's security.

[ovidiusoft]

Download them from GitHub[1], there's a SHA1 sum file there you can chech agains. But if you want security, you should really download the source code from GitHub, audit and compile it yourself.

[1] https://github.com/bitcoin/bitcoin/downloads

[osmosis]

Download them from GitHub[1], there's a SHA1 sum file there you can chech agains. But if you want security, you should really download the source code from GitHub, audit and compile it yourself.

[1] https://github.com/bitcoin/bitcoin/downloads

As an expanding community we should not be suggesting to everyone to read the source code themselves. Having the open source code available to be viewed is a core aspect of the bitcoin model, but only a niche group is up to this task. Checking a signed signature of the bitcoin download file is something that a lot more people can do, and I am not aware of any community docs produced yet to support this. I may be building one, and I invite others to contribute in this thread.

[luv2drnkbr]

The sha1 checksum file, is a SIGNED message from Gavin's PGP key, which lists the hashes of the files.  Assuming, you know how to get the hash of a file, that's just as good as a sig file in terms of ensuring the integrity of the package.  (Although, I keep getting a "signature NOT valid" error when I verify the pgp message that is the checksum file, which is a bit disconcerting.)

[DeathAndTaxes]

To verify authenticity you must do two things
1) compare the SHA-1 hash of the file you have downloaded to the hash in the SHA1SUMS.asc text file.
2) verify the signature of the document validates against Gavin public key.

If you only do #1 it does you no good.  An attacker could put bad file up there and change the SHA1SUMS file.

Validating the signature of the SHA1SUMS message ensures that the file was written by Gavin and thus you can trust the hashes in the file.

[Gavin Andresen]

Here's my public key, or you can fetch it from the MIT pgp keyserver.  Or it is linked on the bitcoin.org homepage.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (Darwin)

mQGiBEy8srURBADlAamWM3TkgAKyVBVftUsg5aZ3zOA5UAlg+yI/6bzfTkYLtspA
LQ6typamac9re+lqnWdDMa4qVwSmaOMxLOlGhCWWfmA38QprU+ZfuesnxWrVAMG8
TDHLT2vBCa+9iC50soo/imsDqqe6ujm7a+Pd1KSNvFR5KXgEgeEHSiyEqwCg3iAa
DH3lNWzNOgJgi8PUiszqbcsD/2mfNBYJsazYabXcbNdh8VheNnyK2KLUE8Lg1WzU
ld/Sd1gu67oPSFfTiFZ5OBjdHI/XmlFAT4r4eNy1IIf0nELJWWQ6hlzm0a0/DO4b
BUoapjUjAYWDyeeeALDHK7EQboqtwWBlRONyY/+yB9usgbvAK2khRlzBhQonGJEs
FpdQA/9bQzVgpEE1q/ZSnvLp0nOFA3E51SS9uvGGnAdQMjwDp7iGBzh7gRz4ko1k
LG3Sa5fNe21VvlKFcMTaZN9Pd5fDd7gEoDkjUDlf9lRX+YT5zf+SSoeCIGuNMVzs
f8Z2H414dYDOJPBkhYWcqFhGhz11QtWgug5n8GaewC2YOiPU8LQoR2F2aW4gQW5k
cmVzZW4gPGdhdmluYW5kcmVzZW5AZ21haWwuY29tPohmBBMRAgAmBQJMvLK1AhsD
BQku/geABgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQdYgkL74406h8rwCgyMwS
bwfJ+t3B2IRbhnDIsLo4UtAAnRqMmznLBNLe97fbWYjkcgiAkr2UuQINBEy8srUQ
CADLdLYPEFwz9DEMHoQID/USG6QBP8LXVWCy+84aWsR/SMP2k7BmqtiBEOAZvq9j
Tf4/6WoYkU++vDUiq2QefmCnUSfNiD7TcVAQOm631Kg7TkCQU3TZY5rzJ8DAoh2D
vMuYhWVr0grvlJcF6x0A2/YopfR1BO7SNq87LoG/ZqdbFgijNNePBXEfDGG0T0dg
XkZAKsf6v/rgQYWjSgOx1jn/cH7opoum4xyGLVDE+sU3aKBUwaWOV1hLUHWVwgC7
FwXs+nxWPVitR4Ri6aYGlFTrql9DbrQipaybFTRsbdlCrSEpwz5sKK/FE3aRSo5+
+X6fj590uOEPHtu9RDtBcCePAAMFB/9/hCzl8OVZER2fayOTwCauYbt/21D+RvQJ
67bFMMiPxEgWcyueZmpF2Z5KXc61z8mMa831wUNdkkcr2BSr2FEIArlpoynwYHPe
Kyzy1hhhXxdy7uOObicgPMnOx94ZRuvc/xD8LMDLbQ2tpAZn+TCXvwE7fvIxOCnr
6JKUmd2GpQKVnFSbfS9to3pImnZe8OLwoFoBXQ3CBViJo5vYLUHHH+OgIs28PV+8
fcQVJTUQpkDOjNg3fPFd8/YGzaE55+MTqacr5VoSR6aUweMpRCFHNb5PEv/HsY6m
4Q5ypXJBMwWZZlDtiPJnnTaWPwCZLFoj3zEE2VgVGSuoxUMDisPRiE8EGBECAA8F
Aky8srUCGwwFCS7+B4AACgkQdYgkL74406gxCQCfa3UFF31O14UKmnyuJFUTiik+
YBsAoLiC5B6DhN25fJRKWhdvih2hQWrX
=oDeQ
-----END PGP PUBLIC KEY BLOCK-----

[ripper234]

Here is an answer David posted to Stack Exchange about this exact topic.

[ovidiusoft]

As an expanding community we should not be suggesting to everyone to read the source code themselves. Having the open source code available to be viewed is a core aspect of the bitcoin model, but only a niche group is up to this task.

I believe we really should. Auditing all the code used is an important step for any serious business. Sure, maybe the investor doesn't have the technical knowledge to do it himself, but I would expect that someone who wants to push 1mil $ in a Bitcoin business will spend a few k to have someone audit the code (note: maybe not this week, but having this kind of investments will happen).

And I'm saying this because I believe it's important to expect audits and I think code should be written and documented with that in mind.

[luv2drnkbr]

Can somebody else tell me if they're getting a "key not valid" error?  I have Gavin's key and GPG is telling me the following message sig is bad:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

25c3ec9683d62235afea24d4a147d4616d8a884f  bitcoin-0.4.0-linux.tar.gz
a800d9fa4aa61527e598708f4ace7f855c22a46b  bitcoin-0.4.0-macosx.dmg
1d2c8d82ede5e8aa9f83b59da07e443de89c5c8f  bitcoin-0.4.0-src.tar.gz
ecf1304ff467bd30dc668b3dadff3044c3c86df1  bitcoin-0.4.0-win32-setup.exe
6034efe23e4bd76b0860f633e81710cd66d499db  bitcoin-0.4.0-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAk58n20ACgkQdYgkL74406ibEACgzyZj86lsQORi5HTs/N3ABCes
Pg8AoKFXU1vxiZI9qZOQ5ZET60ewcynW
=sY+Q
-----END PGP SIGNATURE-----

[Steve]

It's good:

$ gpg --verify -a
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

25c3ec9683d62235afea24d4a147d4616d8a884f  bitcoin-0.4.0-linux.tar.gz
a800d9fa4aa61527e598708f4ace7f855c22a46b  bitcoin-0.4.0-macosx.dmg
1d2c8d82ede5e8aa9f83b59da07e443de89c5c8f  bitcoin-0.4.0-src.tar.gz
ecf1304ff467bd30dc668b3dadff3044c3c86df1  bitcoin-0.4.0-win32-setup.exe
6034efe23e4bd76b0860f633e81710cd66d499db  bitcoin-0.4.0-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAk58n20ACgkQdYgkL74406ibEACgzyZj86lsQORi5HTs/N3ABCes
Pg8AoKFXU1vxiZI9qZOQ5ZET60ewcynW
=sY+Q
-----END PGP SIGNATURE-----
gpg: Signature made Fri Sep 23 11:02:05 2011 EDT using DSA key ID BE38D3A8
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   3  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: depth: 1  valid:   1  signed:   0  trust: 1-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2013-03-23
gpg: Good signature from "Gavin Andresen <gavinandresen@gmail.com>"

[theymos]

Can somebody else tell me if they're getting a "key not valid" error?  I have Gavin's key and GPG is telling me the following message sig is bad:

Did you lsign his key first?

[luv2drnkbr]

Can somebody else tell me if they're getting a "key not valid" error?  I have Gavin's key and GPG is telling me the following message sig is bad:

Did you lsign his key first?

Ah, right, I'm an idiot.

[scrubadub]

Bumping this because I still don't see a good way to verify windows binaries after a brief search on the latest client.

The release announcement for the latest 0.8.4 does not include any signatures like some old ones did

What is much worse is source forge seems to only allow http downloads. Manually changing it to https seems to redirect me to http on the mirror and sourceforge webpages I tried.

So I guess my ask is to include signed sha256 sums in all release announcements and on the bitcoin.org websites download page since many people wont go and find the announcements.

And a tutorial link similar to what these guys have put together would also be helpful I think for newbies