When you visit bitcoincore.org to download the Bitcoin software, you're greeted with a page like this.

If you're like me, you smash the blue "Download" button, say a prayer to the Virgin Mary, and hope your bitcoins don't disappear!

But there's a better way. That "Verify release signature" link is front-and-center for a reason. It helps you prove to yourself that you downloaded the real Bitcoin software. Let's go over how this works so you can more confidently use Bitcoin in the future.

SHA256SUMS.asc

When you click that "Verify release signature" link it will download a SHA256SUMS.asc file like the one below. (Note: In future this exact file will remain available here. You can also try this tutorial with future releases of Bitcoin Core, but the hashes and filenames will be different.).

This is a PGP-signed message. There are two parts:

• The text between and is the message.
• The text between and is a PGP signature of that message.

The message declares the correct SHA-256 hashes for different releases of the Bitcoin Core software. In order to use this file to verify our Bitcoin Core download, we must check 2 things: that we get the same value when we hash our download of the Bitcoin software, and that the PGP signature is valid. Let's start with the PGP signature.

Verify PGP Signature

Let's verify the signature inside SHA256SUM.asc:

Interesting. PGP can't verify this signature because it doesn't have the public key. But it knows which PGP key it doesn't have: . This is a PGP "key ID" which is one way PGP public keys are identified. One of these key ID's is embedded in the signature we're dealing with.

The downloads page on bitcoincore.org tells us which key is used for this signature and how to obtain it: . Notice anything about it?

It ends with , our PGP key ID! Let's download the full public key using the fingerprint from bitcoincore.org:

Looking good. We once again see our key id, and the description of the key "Wladimir J. van der Laan (Bitcoin Core binary release signing key) laanwj@gmail.com" sounds like what we're looking for.

Now that we have the public key, let's try to verify the signature again:

A few notes:

• "Good signature" means the signature was cryptographically valid
• "WARNING: This key is not certified with a trusted signature!" means that PGP doesn't place a high degree of trust in the public key we just downloaded from the internet. If you really wanted to trust this key, it would be ideal to meet Wladimir at a bitcoin conference and ask for it in person. Or maybe ask a few friends for it and make sure everyone gives you the same key. PGP has commands to mark such public keys with greater trust. We can ignore this message for now.

Verify File Hash

Now that we're reasonably convinced the Bitcoin Core release signing key signed that list of hashes, let's download a release of the Bitcoin software, hash it, and see if we get a match.

The first line in the PGP message asserts that when you SHA-256 hash you will get . Let's verify this. You can download the file here. These instructions should work on Linux and MacOS:

We're now convinced that Wladimir signed the PGP message and that the copy of the Bitcoin software we downloaded is exactly the same as the one he released -- because they hash to the same value. You should be able to use this and future releases with greater confidence.

But one question remains. Why does Wladimir get to choose the hashes? Are we placing an unreasonable amount of trust in one person? In the next post I'll explain how Bitcoin Core developers use a system called Gitian to enable anyone to independently build these releases and arrive at consensus on the correct hashes before the software is ever released. Wladimir's signature reflects this consensus, not his personal opinion.