Verification of Bitcoin Core Download in Ubuntu
Bitcoin, Cryptocurrency, Security, Verification
There are numerous ways to install Bitcoin Core in Ubuntu:
- via PPA
- Cloning from Github
- Downloading the binaries from https://bitcoin.org/en/download
Install Via Downloaded Package from bitcoin.org
Download Bitcoin Core: https://bitcoin.org/en/download
Select Linux (tgz), which will trigger a download - at the time of writing: bitcoin-0.14.2-x86_64-linux-gnu.tar.gz
.
Verification
Download the release signature document. At the time of writing, this is here: https://bitcoin.org/bin/bitcoin-core-0.14.2/SHA256SUMS.asc. This downloads SHA256SUMS.asc
.
This file is a signed PGP message that contains the SHA256 sums for the various Bitcoin core downloads. By comparing the relevant value with the SHA256 sum of the bitcoin-0.14.2-x86_64-linux-gnu.tar.gz
that you have downloaded, you can verify the authenticity of what you have downloaded.
You should first verify that the signature document itself is authentic. This is done using Gnu Privacy Guard (GPG)
Verification of the Signatures Document
Download the relevant GPG signing key - these are presented on the download page under the title “Bitcoin Core Release Signing Keys”. Click the correct version to download the relevant key. At the time of writing, this is laanwj-releases.asc
.
Your ~/Downloads
directory should now contain:
Import the Public Key
Move into your ~/Downloads
directory and run:
Check Signatures Document
You can now establish the authenticity of the signatures document by running:
Check the Authenticity of the Download: SHA256 Checksum
You can now use the signatures document to establish the authenticity of the Bitcoin download.
Note: the tar.gz file provided for download doesn’t appear to contain source files (as suggested here), so you can’t use this to compile. It does include binaries.
Install Via Github
You can clone Bitcoin source code from Github, and compile from this.
There are quite a few dependencies - these are outlined in the doc/build-unix.md
document: https://github.com/bitcoin/bitcoin/blob/master/doc/build-unix.md.
Installing from GitHub is probably a pretty secure method as you’ll be pulling the files over an encrypted connection - so long as you trust that the Github repo has not been tampered with (which makes Github probably as trusted an installation route as the downloadable binaries).
Install Via PPA
To install via PPA, add ppa:bitcoin/bitcoin
to your system’s Software Sources:
This is the stable Channel of bitcoin-qt (GUI) and bitcoind (CLI) for Ubuntu. The Launchpad description actually recommends use of the official binaries, where possible, to limit trust in Launchpad/the PPA owner.
Running Bitcoin
Once you have verified your download, move the downloaded file into a suitable location where the binaries can be run. The downloaded file is a zipped directory so it should be OK to unzip in situ:
The binaries are located in the bin
directory. To run bitcoin-qt, move into bin and run ./bin/bitcoin-qt
. The first time you run this, the programme will build the default data directory for you.
It is more convenient to create a symlink to the executables (e.g. bin/bitcoin-qt
, bin/bitcoind
) in /usr/local/bin
. You can then easily start Bitcoin executables from the command line.
TLDR
Download core:
Download signatures:
Check signatures doc:
Verify the signing key e.g.: https://github.com/bitcoin/bitcoin/tree/master/contrib/verifybinaries. Verify the shasum for the download:
If all is OK, this will be the result:
Move the download and unzip:
Resources
comments powered by Disqus