Verification of the Monero binary files should be done prior to extracting, installing, or using the Monero software. This is the only way to ensure that you are using the official Monero binary. If you receive a fake binary (eg. phishing, MITM, etc.), following this guide will protect you from being tricked into using it.
To protect the integrity of the binaries the Monero team provides a cryptographically signed list of all the [SHA256](https://en.wikipedia.org/wiki/SHA-2) hashes. If your downloaded binary has been tampered with it will be produce a [different hash](https://en.wikipedia.org/wiki/File_verification) than the one in the file.
This is a beginners guide for the Windows operating system and will make use of GUIs almost exclusively. It will walk you through the process of installing the required software, importing the signing key, downloading the necessary files, and finally verifying that your binary is authentic.
This section will cover installing the cryptography software. Windows does not come with the tools required to verify your binary. To install these tools you can use the Gpg4win installer.
### 1.1. Getting Gpg4win Installer
#### 1.1.1. Download Gpg4win
In a web browser, go to [gpg4win.org](https://gpg4win.org) and download the installer by clicking the green button.
This section will cover downloading the Monero signing key, verifying that the key is correct, and then importing the key to your keyring. The hash file that will be used to verify your binary is cryptographically signed with the Monero signing key. In order to check the validity of this file you must have the public version of the signing key.
### 2.1. Download Signing Key
In a web browser, go to [Fluffypony's GPG key](https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc), which he uses for signing the Monero binaries. Right click on the page, choose `Save Page As`.
![getkey right click](png/verify_binary_windows_beginner/verify-win_getkey-rightclick.png)
Leave the default location, click `Save`.
![getkey save file](png/verify_binary_windows_beginner/verify-win_getkey-savefilename.png)
### 2.2. Initialize Kleopatra
If this is your first time using Kleopatra you will have to create a key pair for yourself.
If the fingerprint of this key **DOES NOT** match, **DO NOT CONTINUE**. Instead delete the file `fluffypony` from the `Downloads` directory and go back to [section 2.1](#21-download-signing-key).
Leave `Certify only for myself` selected, click `Certify`.
![kleo certify for self](png/verify_binary_windows_beginner/verify-win_kleopatra-certify-forself.png)
If you receive a **VALID** signature, click `Discard` and move on.
If you receive an **INVALID** signature, **DO NOT CONTINUE.** Instead delete the file `hashes` from the `Downloads` directory and go back to [section 3.1](#31-download-hash-file).
## 4. Binary File Verification
This section will cover downloading the Monero binary and verifying its authenticity.
Calculate the hash of the Monero binary with the command: `certUtil -hashfile monero-gui-win-x64-v0.11.1.0.zip SHA256` (if you downloaded a command-line only version, replace `monero-gui-win-x64-v0.11.1.0.zip` accordingly).
If your hash **DOES** match then you are finished with verification! You can be sure the Monero files you have are authentic. You may extract and install/use the files normally.
If your hash **DOES NOT** match **DO NOT CONTINUE.** Instead delete the Monero binary from the `Downloads` directory and go back to [section 4.1](#41-download-binary).