I plan on running several so-called full node servers with bitcoind (Bitcoin Core daemon).

All servers are running GNU/Linux Debian Stretch.

How do I verify integrity of the downloaded tarball with a GPG key and SHA-256 hash?

I downloaded the files from the official download page.

  1. First, I downloaded the file I want to check, over a secure connection:

    wget https://bitcoin.org/bin/bitcoin-core-0.15.1/bitcoin-0.15.1-x86_64-linux-gnu.tar.gz
    
  2. Then, I downloaded the file containing the hash sums, over a secure connection:

    wget https://bitcoin.org/bin/bitcoin-core-0.15.1/SHA256SUMS.asc
    
  3. Lastly, I downloaded the release signing key:

    wget https://bitcoin.org/laanwj-releases.asc
    
LinuxSecurityFreak

1 Answer

Updated for the latest version: 0.15.1

  1. You need to verify the signing key's fingerprint before you import it:

    cat laanwj-releases.asc | gpg --with-fingerprint --with-colons - | sed -ne 's|^fpr:::::::::\([0-9A-F]\+\):$|\1|p'
    

    It should say:

    01EA5486DE18A882D4C2684590C8019E36C2E964
    

    Do not continue if it does not match!

  2. The signing key needs to be imported:

    gpg --import laanwj-releases.asc 2>&1 | grep 36C2E964
    

    It should say:

    gpg: key 36C2E964: "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>" imported
    
  3. Now, we check the signature of the file containing the hash sums:

    gpg --verify SHA256SUMS.asc
    

    It should say:

    gpg: Signature made Sat 11 Nov 2017 02:52:22 PM CET using RSA key ID 36C2E964
    gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>"
    
  4. And finally what we needed - to check that the hash sum of the file matches:

    sha256sum --check --ignore-missing SHA256SUMS.asc 2>&1 | grep OK
    

    It should say:

    bitcoin-0.15.1-x86_64-linux-gnu.tar.gz: OK
    

    In case it does not output anything, something's wrong, and you may verify this by running it without | grep OK at the end.

LinuxSecurityFreak
  • If you download the public key from the official website, it doesn't protect you from getting a wrong key. If an attacker has compromised the website, he can replace the key with his own. So there is no need to verify against the public key downloaded with the client. It is for another purpose: you store it in your system and verify freshly downloaded clients against the public key stored in your system. If you are connected to the web of trust you can also use it. – KOLANICH Feb 04 '18 at 11:36
  • You are rightly urge. But 1 why do you think that users can trust you, why can they be sure that your hash is the right one 2 are you ready to update this answer every time the cert changes? – KOLANICH Feb 04 '18 at 11:53
  • 3 How are you going to be sure that your fingerprint is the right one? Were you given that public key by Wladimir J. van der Laan personally? – KOLANICH Feb 04 '18 at 12:03
  • 4 SHA256 security is not proven. So it is more secure to store the key itself than its fingerprint. – KOLANICH Feb 04 '18 at 12:04
  • In that question the hash function is treated in the random oracle model. Real world hash functions are not random oracles. This is exploited in attacks on hash functions. – KOLANICH Feb 04 '18 at 12:22
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/72666/discussion-between-vlastimil-and-kolanich). – LinuxSecurityFreak Feb 04 '18 at 12:24
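
The answer's four steps as one script, added here as an example that is not part of the original answer or comments: it imports the key into a throwaway keyring, requires gpg's VALIDSIG status to carry a fingerprint pinned by the caller (assumed to come from a source other than the download site, the concern raised in the comments), and hashes the tarball only against the text inside the signed block. The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Usage (hypothetical script name):
#   sh verify-release.sh PINNED_FPR KEYFILE SHA256SUMS.asc TARBALL
# PINNED_FPR: 40 uppercase hex digits, no spaces, obtained out of band (assumption).

# Reads gpg --status-fd lines on stdin. Succeeds only if a VALIDSIG line names
# the pinned fingerprint (signing key or its primary key) and no
# BADSIG/ERRSIG/REVKEYSIG status was emitted.
status_has_validsig() {
    awk -v fpr="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "REVKEYSIG" { bad = 1 }
        # ($3 "") forces a string comparison, never a numeric one
        $2 == "VALIDSIG" && (($3 "") == fpr || ($NF "") == fpr) { ok = 1 }
        END { exit !(ok && !bad) }'
}

# Compares the tarball's SHA-256 with the entry for its file name in the
# already-verified sums file. A missing or duplicated entry fails.
check_signed_sums() (
    name=$(basename "$2")
    want=$(awk -v n="$name" '($2 "") == n || $2 == "*" n { print $1 }' "$1")
    got=$(sha256sum "$2" | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$got" ]
)

verify_release() (
    pinned=$1 key=$2 sums=$3 tarball=$4 rc=1
    tmp=$(mktemp -d) || exit 1
    # Throwaway keyring: nothing already in ~/.gnupg can satisfy the check.
    # --decrypt on a clearsigned file writes only the signed text to --output,
    # so lines outside the signed block never reach the hash comparison.
    if gpg --homedir "$tmp" --batch --quiet --import "$key" 2>/dev/null &&
       gpg --homedir "$tmp" --batch --status-fd 3 --output "$tmp/SHA256SUMS" \
           --decrypt "$sums" 3>"$tmp/status" 2>/dev/null &&
       status_has_validsig "$pinned" <"$tmp/status" &&
       check_signed_sums "$tmp/SHA256SUMS" "$tarball"; then
        rc=0
    fi
    rm -rf "$tmp"
    exit "$rc"
)

# Runs only when called with the four arguments; otherwise just defines functions.
[ "$#" -ne 4 ] || verify_release "$@"
```

The script exits 0 only when every step passes, so it can gate an unattended install on each of the servers.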