Hey, I'm just getting into BTC and I’m not really a techie. But I figured out some basics like hardware wallets and seed phrases after finding some super simple guides online that explain things as if I were a kid.
Now, before I buy any significant amount of BTC, I want to boost my privacy, so I'm looking to run my own node. I'm on Windows.
But man, verifying the bitcoin core file has totally thrown me off. Most of us regular folks have never even opened CMD on Windows or done anything like that! Like, I checked out a guide here and it really feels like it's written for tech pros:
https://bitcoin.org/en/full-node#windows-10
For example, there’s this part:
That’s cool, but… HOW do I do that?
I’ve come across some other guides online that touch on verification, but they always assume I know a bunch of stuff. I even asked GROK and Chat GPT for help on a specific step, but I just ended up stuck again.
Is there a straightforward step-by-step guide (like click here, open this…) to verify the bitcoin core file, described as if I were 8?
A Simple Guide to Verifying Bitcoin Core for Beginners
5 replies 60 views
I like https://bitcoincore.org/en/download/ instructions better.
Just take your time & try to enjoy the verification process. You may end up using it a lot .
YouTube has a lot of videos covering this subject but most people are running mac or Linux.
Good luck!
seed_vaultFull Member
Posts: 71 · Reputation: 451
#3Feb 18, 2018, 03:59 PM
Verification process of the Bitcoin Core binary is a multi-step process.
1. Download the Bitcoin Core binary for Windows, the SHA256SUMS hashes file, and the SHA256SUMS.asc signature file.
2. Open a terminal in the directory where you downloaded the files, you can do this by browsing to the directory in Windows Explorer and right clicking in the white space and select "open in Terminal".
3. Hash the binary file by typing the following command in the terminal:
You should get an output like this:
4. Open the SHA256SUMS file by right clicking on it and select "Open with" then select Notepad.
5. Copy the sha hash string from the terminal, and using Notepad's search function search for the hash string. You should get a match indicating your binary matches the hash string:
6. Now comes the fun part, you get to learn how to use GPG to check the SHA256SUMS file, but you'll need to install GPG first. Here's a guide I put together for Electrum, but the principal is the same for any signed file: https://bitcointalk.org/index.php?topic=5240594.0
I use terminal commands to verify GPS signatures:
Thank you so much!
I finally found the time to sit down to this during the weekend, and it turned out points 1-5 were super easly (thanks to your guide)
Now, I will try to do the "fun part" - point 6
One more general question:
Suppose I somehow fail to properly verify the bticoin core file, and somehow manage to download a tainted version of bitcoin core.
IF I interact with bitcoin core only through my hardware wallet,
then
I understand that the worst that may happen is that I will be somehow "mislead" by the fake btc core, and if I send my coins they may end up in some other address than the one shown on btc core.
However, when interacting through a hardware wallet my coins are still safe as long as I don't move them. In other words, the malicous third party running the tainted btc core cannot access my coins, it can only mislead me, and cause me to send my coins to their address.
IF the above is correct, then I understand that the best precaution would be always sending small batch of btc first. Then open some third party trusted btc explorer (multiple at best) and verify without using btc core that the coins actually went to the adress they were suppose to go?
So, with the "fun part" (use GPG to check the SHA256SUMS file), I got stuck here:
ThomasV's fingerprint is used when checking the Electrum file, but how do I get the fingerprint for BTC core?
I asked GROK for help
GROK told me to find a list of these keys in the Bitcoin Core GitHub repository under contrib/builder-keys/keys.txt
I managed to get to the contrib folder as instructed by GROK. But inside this folder there is no "builder-keys" folder as GROK claims
GROK showed outdated information, the keys.txt file only exist until version 24.2[1]. These days, you can find it on different GitHub repository[2].
[1] https://github.com/bitcoin/bitcoin/blob/v24.2/contrib/builder-keys/keys.txt
[2] https://github.com/bitcoin-core/guix.sigs
seed_vaultFull Member
Posts: 71 · Reputation: 451
#6Feb 19, 2018, 01:58 AM
It might sound like a chore, but you should always verify the recipient's address the old fashioned way; by reading it. Even if your wallet software is legit, and your hardware wallet is secure, you could have inadvertently installed some clipboard malware which could alter addresses.
Stop that.
I don't have all the signatories keys loaded, just the few that I know.
Ava (formerly Andrew) Chow is member here on the forum, and she's one of the signatories. Stephan Oeste is another, and is one of the developers of Electrum and Bisq, so I'm familiar with his work too. I don't think he's active here on the forum, however. There are a couple of others that I have keys for, but as long as you have at least a couple of the signatories' keys in your GPG keychain, you'll be good to verify the hash file.
ABCbit posted the link to their fingerprints, you can use the following code to import them into your keychain.
?Reply
Sign in to reply to this topic
Related topics
- Issue with Bitcoin Core Wallet after power outage 8
- Transforming my wallet into an HD wallet bitcoin core 26 4
- bitcoin-qt sync issues and slow speeds 6
- Recovering a Bitcoin wallet and address 8
- CipherSeed: A Comprehensive Guide to Super-Secure Crypto Wallet Backups 5
- Simple Offline Wallet (key-pair) Setup on Linux Without GUI 0