Having trouble verifying signatures

Hello, I’m trying to set up a Bitcoin Core full node, however the PGP signature verification is bringing up the error:

It’s unclear to me which is a hash file, a signature and whatever else.

Mac:Downloads macUser$ ls
Bitcoin-Qt.app				bitcoin-27.0-x86_64-apple-darwin.zip
SHA256SUMS.asc
Mac:Downloads macUser$ gpg --verify SHA256SUMS.asc
gpg: WARNING: multiple signatures detected.  Only the first will be checked.
gpg: no signed data
gpg: can't hash datafile: No data
Mac:Downloads macUser$ shasum -a 256 --ignore-missing --check SHA256SUMS.asc
Unknown option: ignore-missing
Type shasum -h for help
Mac:Downloads macUser$ sha256sum bitcoin-27.0-x86_64-applie-darwin.zip
-bash: sha256sum: command not found.

Hello @eiger3970,

I can only tell you how it usually is. In the normal case you have files like example.tar.xz and example.tar.xz.asc, where the first one is the file for which you want to check that it really comes from the person/organization you think it comes from. The second one (with the .asc ending) contains the signature you need for verification. You can check it by using gpg --verify example.tar.xz.asc example.tar.xz

In your case it should work by using gpg --verify SHA256SUMS.asc bitcoin-27.0-x86_64-apple-darwin.zip.

Why they named the file containing a SHA256SUMS I cannot answer and it is not good practice as you would expect it to contain a sha256 hash.

Thank you, I tried again and maybe I broke it somehow by trying the 3 different keys with fingerprints as per guide:

If you know how to use PGP, you should also click the Verify Release Signatures link on the download page to download a signed list of SHA256 file hashes. The 0.11 and later releases are signed by Wladimir J. van der Laan’s releases key (laanwj-releases.asc) with the fingerprint:

01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964

Earlier releases were signed by Wladimir J. van der Laan’s regular key (laanwj.asc). That key’s fingerprint is:

71A3 B167 3540 5025 D447  E8F2 7481 0B01 2346 C9A6

Even earlier releases were signed by Gavin Andresen’s key. His primary key’s fingerprint is:

2664 6D99 CBAE C9B8 1982  EF60 29D9 EE6B 1FC7 30C1

Here’s my latest Terminal output attempt:

Mac:Downloads macUser$ ls
Bitcoin-Qt.app				bitcoin-27.0-x86_64-apple-darwin.zip
SHA256SUMS.asc
Mac-mini:Downloads macminiosx10$ gpg --verify SHA256SUMS.asc bitcoin-27.0-x86_64-apple-darwin.zip 
gpg: WARNING: multiple signatures detected.  Only the first will be checked.
gpg: Signature made Tue 16 Apr 21:25:32 2024 AEST using RSA key ID 2E7EA81F
gpg: requesting key 2E7EA81F from hkps server hkps.pool.sks-keyservers.net
gpgkeys: HTTP fetch error 6: Couldn't resolve host 'hkps.pool.sks-keyservers.net'
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper internal error
gpg: keyserver communications error: General error
gpg: Can't check signature: No public key

Did you import the public key(s) which are linked in the guide?

Thank you, I overlooked the mention of clicking back to the Download page for the verification links.
Ran the steps, however working out the following errors now:

Mac:Downloads macUser$ ls
Bitcoin-Qt.app				SHA256SUMS.asc
SHA256SUMS				bitcoin-27.0-x86_64-apple-darwin.zip
Mac:Downloads macUser$ shasum -a 256 --ignore-missing --check SHA256SUMS
Unknown option: ignore-missing
Type shasum -h for help
Mac-mini:Downloads macminiosx10$ shasum -a 256 --check SHA256SUMS
shasum: bitcoin-28.0-aarch64-linux-gnu-debug.tar.gz: 
bitcoin-28.0-aarch64-linux-gnu-debug.tar.gz: FAILED open or read
shasum: bitcoin-28.0-aarch64-linux-gnu.tar.gz: No such file or directory
bitcoin-28.0-aarch64-linux-gnu.tar.gz: FAILED open or read
shasum: bitcoin-28.0-arm-linux-gnueabihf-debug.tar.gz: No such file or directory
bitcoin-28.0-arm-linux-gnueabihf-debug.tar.gz: FAILED open or read
shasum: bitcoin-28.0-arm-linux-gnueabihf.tar.gz: No such file or directory
bitcoin-28.0-arm-linux-gnueabihf.tar.gz: FAILED open or read
shasum: bitcoin-28.0-arm64-apple-darwin.zip: No such file or directory
bitcoin-28.0-arm64-apple-darwin.zip: FAILED open or read
shasum: bitcoin-28.0-arm64-apple-darwin-unsigned.tar.gz: No such file or directory
bitcoin-28.0-arm64-apple-darwin-unsigned.tar.gz: FAILED open or read
shasum: bitcoin-28.0-arm64-apple-darwin-unsigned.zip: No such file or directory
bitcoin-28.0-arm64-apple-darwin-unsigned.zip: FAILED open or read
shasum: bitcoin-28.0-arm64-apple-darwin.tar.gz: No such file or directory
bitcoin-28.0-arm64-apple-darwin.tar.gz: FAILED open or read
shasum: bitcoin-28.0-codesignatures-28.0.tar.gz: No such file or directory
bitcoin-28.0-codesignatures-28.0.tar.gz: FAILED open or read
shasum: bitcoin-28.0.tar.gz: No such file or directory
bitcoin-28.0.tar.gz: FAILED open or read
shasum: bitcoin-28.0-powerpc64-linux-gnu-debug.tar.gz: No such file or directory
bitcoin-28.0-powerpc64-linux-gnu-debug.tar.gz: FAILED open or read
shasum: bitcoin-28.0-powerpc64-linux-gnu.tar.gz: No such file or directory
bitcoin-28.0-powerpc64-linux-gnu.tar.gz: FAILED open or read
shasum: bitcoin-28.0-riscv64-linux-gnu-debug.tar.gz: No such file or directory
bitcoin-28.0-riscv64-linux-gnu-debug.tar.gz: FAILED open or read
shasum: bitcoin-28.0-riscv64-linux-gnu.tar.gz: No such file or directory
bitcoin-28.0-riscv64-linux-gnu.tar.gz: FAILED open or read
shasum: bitcoin-28.0-x86_64-apple-darwin.zip: No such file or directory
bitcoin-28.0-x86_64-apple-darwin.zip: FAILED open or read
shasum: bitcoin-28.0-x86_64-apple-darwin-unsigned.tar.gz: No such file or directory
bitcoin-28.0-x86_64-apple-darwin-unsigned.tar.gz: FAILED open or read
shasum: bitcoin-28.0-x86_64-apple-darwin-unsigned.zip: No such file or directory
bitcoin-28.0-x86_64-apple-darwin-unsigned.zip: FAILED open or read
shasum: bitcoin-28.0-x86_64-apple-darwin.tar.gz: No such file or directory
bitcoin-28.0-x86_64-apple-darwin.tar.gz: FAILED open or read
shasum: bitcoin-28.0-x86_64-linux-gnu-debug.tar.gz: No such file or directory
bitcoin-28.0-x86_64-linux-gnu-debug.tar.gz: FAILED open or read
shasum: bitcoin-28.0-x86_64-linux-gnu.tar.gz: No such file or directory
bitcoin-28.0-x86_64-linux-gnu.tar.gz: FAILED open or read
shasum: bitcoin-28.0-win64-setup.exe: No such file or directory
bitcoin-28.0-win64-setup.exe: FAILED open or read
shasum: bitcoin-28.0-win64-debug.zip: No such file or directory
bitcoin-28.0-win64-debug.zip: FAILED open or read
shasum: bitcoin-28.0-win64-setup-unsigned.exe: No such file or directory
bitcoin-28.0-win64-setup-unsigned.exe: FAILED open or read
shasum: bitcoin-28.0-win64-unsigned.tar.gz: No such file or directory
bitcoin-28.0-win64-unsigned.tar.gz: FAILED open or read
shasum: bitcoin-28.0-win64.zip: No such file or directory
bitcoin-28.0-win64.zip: FAILED open or read
shasum: WARNING: 25 listed files could not be read

Is there a hash value inside the SHA256SUMS? In that case I would expect that you could run shasum -a 256 Bitcoin-Qt.app and that you would see the same value as the output of that command.

That worked. Does that mean the keys and signatures have been verified?

Mac:Downloads macUser$ ls
Bitcoin-Qt.app				SHA256SUMS.asc
SHA256SUMS				bitcoin-27.0-x86_64-apple-darwin.zip
Mac:Downloads macUser$ shasum -a 256 Bitcoin-Qt.app/
shasum: Bitcoin-Qt.app/:

What do you mean by “that worked”? Did you see something like 23bd4728d59aa19260aaeec757b4f76eca4baebaf33a94f120086c06e7bc80ef Bitcoin-Qt.app in the output? And is the same value (in this example 23bd4728d59aa19260aaeec757b4f76eca4baebaf33a94f120086c06e7bc80ef) contained in the SHA256SUMS file?

If yes then you’re finished with the verification.

No, just the output above.

Oh sorry, I see the mistake. This should be correct: shasum -a 256 bitcoin-27.0-x86_64-apple-darwin.zip. You always have to check the file you downloaded - which in this case is the zip file - and not the extracted folder.
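
The hash comparison discussed in this thread, as an added example that is not part of any post or of the Bitcoin Core guide: a shell function that checks one downloaded file against a SHA256SUMS list without needing --ignore-missing, and that tells a hash mismatch apart from "file not listed" (a 27.0 zip checked against a 28.0 list) and from "not a file" (the extracted .app folder). The function names and return codes are hypothetical, and the gpg line in the comment assumes SHA256SUMS.asc is a detached signature over SHA256SUMS.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the list itself is
# authenticated first with  gpg --verify SHA256SUMS.asc SHA256SUMS
# Usage: check_release bitcoin-27.0-x86_64-apple-darwin.zip SHA256SUMS

# Print the SHA-256 of a file with whichever tool is installed
# (sha256sum on most Linux systems, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# check_release FILE SUMS
# Returns 0 = match, 1 = mismatch, 2 = FILE not listed in SUMS,
# 3 = FILE is not a regular file (e.g. an extracted .app directory).
check_release() {
    file=$1
    sums=$2
    if [ ! -f "$file" ]; then
        echo "$file: not a regular file, hash the downloaded archive" >&2
        return 3
    fi
    name=$(basename "$file")
    # Entries look like "<hex>  <name>" or "<hex> *<name>" (binary mode).
    # Release file names contain no spaces, so field 2 is the whole name.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums")
    if [ -z "$expected" ]; then
        echo "$name: no entry in $sums (list from another release?)" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK"
        return 0
    fi
    echo "$name: MISMATCH, do not install" >&2
    return 1
}
```

A match only means the file is the one the list describes; whether the list comes from the release signers depends on the separate signature check against keys whose fingerprints you have compared.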