Merge pull request #692 from qubenix/qubenix-adv-verify

Add advanced binary verification user guide
This commit is contained in:
luigi1111 2018-06-07 12:00:47 -05:00 committed by GitHub
commit 1d872a323d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 982 additions and 50 deletions

View file

@ -21,7 +21,7 @@ global:
privacy: Privacy
copyright: Copyright
untranslated: This page is not yet translated. If you would like to help translate it, please see the
titles:
index: Home
whatismonero: What is Monero (XMR)?
@ -54,10 +54,10 @@ titles:
ffs-ot: Open Tasks
ffs-wip: Work in Progress
blogbytag: Blog by Tag
index:
page_title: "Monero - secure, private, untraceable"
home:
translated: "yes"
heading2: Private Digital Currency
@ -105,15 +105,15 @@ hangouts:
merchants:
translated: "yes"
intro1: Merchants of all kinds have come to value the financial privacy that Monero brings. Below is a list of the merchants that we know of that currently accept Monero for their goods and services. If a company no longer accepts Monero or you would like your business to be listed, please
intro1: Merchants of all kinds have come to value the financial privacy that Monero brings. Below is a list of the merchants that we know of that currently accept Monero for their goods and services. If a company no longer accepts Monero or you would like your business to be listed, please
intro2: open a GitHub issue and let us know.
disclaimer: |
"Please note: these links are being provided as a convenience and for informational purposes only; they do not constitute an endorsement by the Monero community of any products, services or opinions of the corporations or organizations or individuals listed. The Monero community bears no responsibility for the accuracy, legality, or content of these external sites. Contact the external site for answers to questions regarding its content. As always, caveat emptor ('buyer beware'); you are responsible for doing your own research. Always use judgement when making online purchases."
sponsorships:
translated: "yes"
intro: The following businesses have supported the Monero Project in its goal to bring financial privacy to the world. We couldn't be more grateful for their contributions. If you would like to sponsor the Monero Project and be listed on this page, please send an email to dev@getmonero.org.
team:
translated: "yes"
core: Core
@ -131,7 +131,7 @@ downloads:
sourceblockchain: Source & Blockchain
mobilelight: Mobile & Light
hardware: Hardware
intro1: If you need help choosing the correct application, please click
intro1: If you need help choosing the correct application, please click
intro2: here
intro3: for a quick answer, then select the appropriate release for your operating system below.
note1: "Note: the SHA256 hashes are listed by the downloads for convenience, but a GPG-signed list of the hashes is at"
@ -159,7 +159,7 @@ monero-project:
press-kit:
translated: "yes"
intro1: Here you'll find the Monero symbol and logo below. You can choose any size that you want, or download the .ai file to mess with the logo yourself.
intro1: Here you'll find the Monero symbol and logo below. You can choose any size that you want, or download the .ai file to mess with the logo yourself.
intro2: Note that the white background options have a white background under the Monero symbol ONLY, not as a background to the whole image.
intro3: Lastly, you can download everything on this page in one zip file by clicking
intro4: here.
@ -352,8 +352,8 @@ about:
privacy_para: Monero takes privacy seriously. Monero needs to be able to protect users in a court of law and, in extreme cases, from the death penalty. This level of privacy must be completely accessible to all users, whether they are technologically competent or have no idea how Monero works. A user needs to confidently trust Monero in a way that this person does not feel pressured into changing their spending habits for risk of others finding out.
decentralization: Decentralization
decentralization_para: Monero is committed to providing the maximum amount of decentralization. With Monero, you do not have to trust anyone else on the network, and it is not run by any large group. An accessible “Proof of Work” algorithm makes it easy to mine Monero on normal computers, which makes it more difficult for someone to purchase a large amount of mining power. Nodes connect to each other with I2P to lower the risks of revealing sensitive transaction information and censorship (tba). Development decisions are extremely clear and open to public discussion. Developer meeting logs are published online in their entirety and visible by all.
developer-guides:
translated: "yes"
outdated: "Please note: the guides below are currently out of date, but are considered a good starting point for most calls."
@ -373,6 +373,7 @@ user-guides:
import-blockchain: Importing the Monero blockchain
monero-tools: Monero Tools
purchasing-storing: Securely purchasing and storing Monero
verify-allos: Verify binaries on Linux, Mac, or Windows command line (advanced)
verify-windows: Verify binaries on Windows (beginner)
mine-on-pool: How to mine on a pool with xmr-stak-cpu
solo-mine: How to solo mine with the GUI
@ -418,7 +419,7 @@ research-lab:
annotated_para: The Monero Research Lab released an annotated version of the cryptonote whitepaper. This is sort of like an informal review of the claims that are made line-by-line of the whitepaper. It also explains some of the harder concepts in relatively easy to understand terms.
brandon: Brandon Goodell's Whitepaper Review
brandon_para: This paper is a formal review of the original cryptonote paper by MRL researcher Brandon Goodell. He takes an in-depth look at the claims and mathematics presented in the cryptonote paper.
blog:
title_1: All
@ -428,7 +429,7 @@ blog:
author: Posted by
date: Posted at
forum: Click here to join the discussion for this entry on the Monero Forum
tags:
all: Articles by Tag
notags: There are no posts for this tag.

View file

@ -0,0 +1,183 @@
# Binary Verification: Linux, Mac, or Windows Using CLI Tools (Advanced)
Verification of the Monero binary files should be done prior to extracting, installing, or using the Monero software. This is the only way to ensure that you are using the official Monero software. If you receive a fake Monero binary (eg. phishing, MITM, etc.), following this guide will protect you from being tricked into using it.
To protect the integrity of the binaries the Monero team provides a cryptographically signed list of all the [SHA256](https://en.wikipedia.org/wiki/SHA-2) hashes. If your downloaded binary has been tampered with it will be produce a [different hash](https://en.wikipedia.org/wiki/File_verification) than the one in the file.
This is an advanced guide for Linux, Mac, or Windows operating systems and will make use of the command line. It will walk you through the process of installing the required software, importing the signing key, downloading the necessary files, and finally verifying that your binary is authentic.
## Table of Contents:
### [1. Install GnuPG](#1-installing-gnupg)
### [2. Verify & Import Signing Key](#2-verify-and-import-signing-key)
+ [2.1. Get Signing Key](#21-get-signing-key)
+ [2.2. Verify Signing key](#22-verify-signing-key)
+ [2.3. Import Signing key](#23-import-signing-key)
### [3. Download & Verify Hash File](#3-download-and-verify-hash-file)
+ [3.1. Get Hash File](#31-get-hash-file)
+ [3.2. Verify Hash File](#32-verify-hash-file)
### [4. Download & Verify Binary](#4-download-and-verify-binary)
+ [4.1. Get Monero Binary](#41-get-monero-binary)
+ [4.2. Binary Verification on Linux or Mac](#42-binary-verification-on-linux-or-mac)
+ [4.3. Binary Verification on Windows](#43-binary-verification-on-windows)
## 1. Installing GnuPG
+ On Windows, go to the [Gpg4win download page](https://gpg4win.org/download.html) and follow the instructions for installation.
+ On Mac, go to the [Gpgtools download page](https://gpgtools.org/) and follow the instructions for installation.
+ On Linux, GnuPG is installed by default.
## 2. Verify and Import Signing Key
This section will cover getting the Monero signing key, making sure it is correct, and importing the key to GnuPG.
### 2.1. Get Signing Key
On Windows or Mac, go to [Fluffypony's GPG key](https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc), which he uses to sign the Monero binaries, and save the page as `fluffypony.asc` to your home directory.
On Linux, you can download Fluffypony's signing key by issuing the following command:
```
wget -O fluffypony.asc https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc
```
### 2.2. Verify Signing Key
On all operating systems, check the fingerprint of `fluffypony.asc` by issuing the following command in a terminal:
```
gpg --keyid-format long --with-fingerprint fluffypony.asc
```
Verify the fingerprint matches:
```
pub 2048R/7455C5E3C0CDCEB9 2013-04-08 Riccardo Spagni <ric@spagni.net>
Key fingerprint = BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
sub 2048R/55432DF31CCD4FCD 2013-04-08
```
If the fingerprint **DOES** match, then you may proceed.
If the fingerprint **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the file `fluffypony.asc` and go back to [section 2.1](#21-get-signing-key).
### 2.3. Import Signing Key
From a terminal, import the signing key:
```
gpg --import fluffypony.asc
```
If this is the first time you have imported the key, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: 2 signatures not checked due to missing keys
gpg: key 0x7455C5E3C0CDCEB9: public key "Riccardo Spagni <ric@spagni.net>" importe
d
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
```
If you have imported the key previously, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: "Riccardo Spagni <ric@spagni.net>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
```
## 3. Download and Verify Hash File
This section will cover downloading the hash file and verifying its authenticity.
### 3.1. Get Hash File
On Windows or Mac, go to the [hashes file on getmonero.org](https://getmonero.org/downloads/hashes.txt) and save the page as `hashes.txt` to your home directory.
On Linux, you can download the signed hashes file by issuing the following command:
```
wget -O hashes.txt https://getmonero.org/downloads/hashes.txt
```
### 3.2. Verify Hash File
The hash file is signed with key `94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD`, which is a subkey of key `BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9` (as reflected in the output below).
On all operating systems, verify the signature of the hash file by issuing the following command in a terminal:
```
gpg --verify hashes.txt
```
If the file is authentic, the output will look like this:
```
gpg: Signature made Thu 05 Apr 2018 06:07:35 AM MDT
gpg: using RSA key 94B738DD350132F5ACBEEA1D55432DF31CCD4FCD
gpg: Good signature from "Riccardo Spagni <ric@spagni.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
Subkey fingerprint: 94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD
```
If your output shows **Good signature**, as in the example, then you may proceed.
If you see **BAD signature** in the output, **DO NOT CONTINUE.** Instead delete the file `hashes.txt` and go back to [section 3.1](#31-get-hash-file).
## 4. Download and Verify Binary
This section will cover downloading the Monero binary for your operating system, getting the `SHA256` hash of your download, and verifying that it is correct.
### 4.1. Get Monero binary
On Windows or Mac, go to [getmonero.org](https://getmonero.org/downloads/) and download the correct file for your operating system. Save the file to your home directory. **Do not extract the files yet.**
On Linux, you can download the command line tools by issuing the following command:
```
wget -O monero-linux-x64-v0.12.0.0.tar.bz2 https://downloads.getmonero.org/cli/linux64
```
### 4.2. Binary Verification on Linux or Mac
The steps for both Linux and Mac are the same. From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Linux, 64bit` GUI binary. Substitute `monero-gui-linux-x64-v0.12.0.0.tar.bz2` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
shasum -a 256 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
fb0f43387b31202f381c918660d9bc32a3d28a4733d391b1625a0e15737c5388 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).
### 4.3. Binary Verification on Windows
From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Windows, 64bit` GUI binary. Substitute `monero-gui-win-x64-v0.12.0.0.zip` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
certUtil -hashfile monero-gui-win-x64-v0.12.0.0.zip SHA256
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
SHA256 hash of file monero-gui-win-x64-v0.12.0.0.zip:
4b 9f 31 68 6e ca ad 97 cd b1 75 e6 57 4b f3 07 f8 d1 c4 10 42 78 25 f4 30 4c 21 da 8a ac 18 64
CertUtil: -hashfile command completed successfully.
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).

View file

@ -21,7 +21,7 @@ global:
privacy: Privacy
copyright: Copyright
untranslated: Esta pagina is not yet translated. If you would like to help translate it, please see the
titles:
index: Inicio
whatismonero: ¿Qué es Monero (XMR)?
@ -54,7 +54,7 @@ titles:
ffs-ot: Open Tasks
ffs-wip: Work in Progress
blogbytag: Blog by Tag
index:
page_title: "Monero - secure, private, untraceable"
@ -105,7 +105,7 @@ hangouts:
merchants:
translated: "no"
intro1: Merchants of all kinds have come to value the financial privacy that Monero brings. Below is a list of the merchants that we know of that currently accept Monero for their goods and services. If a company no longer accepts Monero or you would like your business to be listed, please
intro1: Merchants of all kinds have come to value the financial privacy that Monero brings. Below is a list of the merchants that we know of that currently accept Monero for their goods and services. If a company no longer accepts Monero or you would like your business to be listed, please
intro2: open a GitHub issue and let us know.
disclaimer: |
"Please note: these links are being provided as a convenience and for informational purposes only; they do not constitute an endorsement by the Monero community of any products, services or opinions of the corporations or organizations or individuals listed. The Monero community bears no responsibility for the accuracy, legality, or content of these external sites. Contact the external site for answers to questions regarding its content. As always, caveat emptor ('buyer beware'); you are responsible for doing your own research. Always use judgement when making online purchases."
@ -138,7 +138,7 @@ downloads:
note2: y debe tratarse como canónico, con la firma marcada con la clave GPG apropiada en el código fuente (en /utils/gpg_keys).
currentversion: Versión actual
sourcecode: Código fuente
blockchain1: Si prefieres usar un blockchain bootstrap, en lugar de sincronizar desde cero, puedes
blockchain1: Si prefieres usar un blockchain bootstrap, en lugar de sincronizar desde cero, puedes
blockchain2: usar este enlace para el programa de arranque más reciente.
blockchain3: Sin embargo, normalmente es mucho más rápido sincronizar desde cero y también requiere menos RAM (la importación es muy exigente).
hardware1: La comunidad Monero acaba de financiar una
@ -159,7 +159,7 @@ monero-project:
press-kit:
translated: "no"
intro1: Here you'll find the Monero symbol and logo below. You can choose any size that you want, or download the .ai file to mess with the logo yourself.
intro1: Here you'll find the Monero symbol and logo below. You can choose any size that you want, or download the .ai file to mess with the logo yourself.
intro2: Note that the white background options have a white background under the Monero symbol ONLY, not as a background to the whole image.
intro3: Lastly, you can download everything on this page in one zip file by clicking
intro4: here.
@ -352,8 +352,8 @@ about:
privacy_para: Monero takes privacy seriously. Monero needs to be able to protect users in a court of law and, in extreme cases, from the death penalty. This level of privacy must be completely accessible to all users, whether they are technologically competent or have no idea how Monero works. A user needs to confidently trust Monero in a way that this person does not feel pressured into changing their spending habits for risk of others finding out.
decentralization: Decentralization
decentralization_para: Monero is committed to providing the maximum amount of decentralization. With Monero, you do not have to trust anyone else on the network, and it is not run by any large group. An accessible “Proof of Work” algorithm makes it easy to mine Monero on normal computers, which makes it more difficult for someone to purchase a large amount of mining power. Nodes connect to each other with I2P to lower the risks of revealing sensitive transaction information and censorship (tba). Development decisions are extremely clear and open to public discussion. Developer meeting logs are published online in their entirety and visible by all.
developer-guides:
translated: "yes"
outdated: "Please note: the guides below are currently out of date, but are considered a good starting point for most calls."
@ -373,6 +373,7 @@ user-guides:
import-blockchain: Importing the Monero blockchain
monero-tools: Monero Tools
purchasing-storing: Securely purchasing and storing Monero
verify-allos: Verify binaries on Linux, Mac, or Windows command line (advanced)
verify-windows: Verify binaries on Windows (beginner)
mine-on-pool: How to mine on a pool with xmr-stak-cpu
solo-mine: How to solo mine with the GUI
@ -427,7 +428,7 @@ blog:
author: Posted by
date: Posted at
forum: Click here to join the discussion for this entry on the Monero Forum
tags:
all: Articles by Tag
notags: There are no posts for this tag.

View file

@ -0,0 +1,184 @@
{% include untranslated.html %}
# Binary Verification: Linux, Mac, or Windows Using CLI Tools (Advanced)
Verification of the Monero binary files should be done prior to extracting, installing, or using the Monero software. This is the only way to ensure that you are using the official Monero software. If you receive a fake Monero binary (eg. phishing, MITM, etc.), following this guide will protect you from being tricked into using it.
To protect the integrity of the binaries the Monero team provides a cryptographically signed list of all the [SHA256](https://en.wikipedia.org/wiki/SHA-2) hashes. If your downloaded binary has been tampered with it will be produce a [different hash](https://en.wikipedia.org/wiki/File_verification) than the one in the file.
This is an advanced guide for Linux, Mac, or Windows operating systems and will make use of the command line. It will walk you through the process of installing the required software, importing the signing key, downloading the necessary files, and finally verifying that your binary is authentic.
## Table of Contents:
### [1. Install GnuPG](#1-installing-gnupg)
### [2. Verify & Import Signing Key](#2-verify-and-import-signing-key)
+ [2.1. Get Signing Key](#21-get-signing-key)
+ [2.2. Verify Signing key](#22-verify-signing-key)
+ [2.3. Import Signing key](#23-import-signing-key)
### [3. Download & Verify Hash File](#3-download-and-verify-hash-file)
+ [3.1. Get Hash File](#31-get-hash-file)
+ [3.2. Verify Hash File](#32-verify-hash-file)
### [4. Download & Verify Binary](#4-download-and-verify-binary)
+ [4.1. Get Monero Binary](#41-get-monero-binary)
+ [4.2. Binary Verification on Linux or Mac](#42-binary-verification-on-linux-or-mac)
+ [4.3. Binary Verification on Windows](#43-binary-verification-on-windows)
## 1. Installing GnuPG
+ On Windows, go to the [Gpg4win download page](https://gpg4win.org/download.html) and follow the instructions for installation.
+ On Mac, go to the [Gpgtools download page](https://gpgtools.org/) and follow the instructions for installation.
+ On Linux, GnuPG is installed by default.
## 2. Verify and Import Signing Key
This section will cover getting the Monero signing key, making sure it is correct, and importing the key to GnuPG.
### 2.1. Get Signing Key
On Windows or Mac, go to [Fluffypony's GPG key](https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc), which he uses to sign the Monero binaries, and save the page as `fluffypony.asc` to your home directory.
On Linux, you can download Fluffypony's signing key by issuing the following command:
```
wget -O fluffypony.asc https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc
```
### 2.2. Verify Signing Key
On all operating systems, check the fingerprint of `fluffypony.asc` by issuing the following command in a terminal:
```
gpg --keyid-format long --with-fingerprint fluffypony.asc
```
Verify the fingerprint matches:
```
pub 2048R/7455C5E3C0CDCEB9 2013-04-08 Riccardo Spagni <ric@spagni.net>
Key fingerprint = BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
sub 2048R/55432DF31CCD4FCD 2013-04-08
```
If the fingerprint **DOES** match, then you may proceed.
If the fingerprint **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the file `fluffypony.asc` and go back to [section 2.1](#21-get-signing-key).
### 2.3. Import Signing Key
From a terminal, import the signing key:
```
gpg --import fluffypony.asc
```
If this is the first time you have imported the key, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: 2 signatures not checked due to missing keys
gpg: key 0x7455C5E3C0CDCEB9: public key "Riccardo Spagni <ric@spagni.net>" importe
d
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
```
If you have imported the key previously, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: "Riccardo Spagni <ric@spagni.net>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
```
## 3. Download and Verify Hash File
This section will cover downloading the hash file and verifying its authenticity.
### 3.1. Get Hash File
On Windows or Mac, go to the [hashes file on getmonero.org](https://getmonero.org/downloads/hashes.txt) and save the page as `hashes.txt` to your home directory.
On Linux, you can download the signed hashes file by issuing the following command:
```
wget -O hashes.txt https://getmonero.org/downloads/hashes.txt
```
### 3.2. Verify Hash File
The hash file is signed with key `94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD`, which is a subkey of key `BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9` (as reflected in the output below).
On all operating systems, verify the signature of the hash file by issuing the following command in a terminal:
```
gpg --verify hashes.txt
```
If the file is authentic, the output will look like this:
```
gpg: Signature made Thu 05 Apr 2018 06:07:35 AM MDT
gpg: using RSA key 94B738DD350132F5ACBEEA1D55432DF31CCD4FCD
gpg: Good signature from "Riccardo Spagni <ric@spagni.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
Subkey fingerprint: 94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD
```
If your output shows **Good signature**, as in the example, then you may proceed.
If you see **BAD signature** in the output, **DO NOT CONTINUE.** Instead delete the file `hashes.txt` and go back to [section 3.1](#31-get-hash-file).
## 4. Download and Verify Binary
This section will cover downloading the Monero binary for your operating system, getting the `SHA256` hash of your download, and verifying that it is correct.
### 4.1. Get Monero binary
On Windows or Mac, go to [getmonero.org](https://getmonero.org/downloads/) and download the correct file for your operating system. Save the file to your home directory. **Do not extract the files yet.**
On Linux, you can download the command line tools by issuing the following command:
```
wget -O monero-linux-x64-v0.12.0.0.tar.bz2 https://downloads.getmonero.org/cli/linux64
```
### 4.2. Binary Verification on Linux or Mac
The steps for both Linux and Mac are the same. From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Linux, 64bit` GUI binary. Substitute `monero-gui-linux-x64-v0.12.0.0.tar.bz2` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
shasum -a 256 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
fb0f43387b31202f381c918660d9bc32a3d28a4733d391b1625a0e15737c5388 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).
### 4.3. Binary Verification on Windows
From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Windows, 64bit` GUI binary. Substitute `monero-gui-win-x64-v0.12.0.0.zip` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
certUtil -hashfile monero-gui-win-x64-v0.12.0.0.zip SHA256
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
SHA256 hash of file monero-gui-win-x64-v0.12.0.0.zip:
4b 9f 31 68 6e ca ad 97 cd b1 75 e6 57 4b f3 07 f8 d1 c4 10 42 78 25 f4 30 4c 21 da 8a ac 18 64
CertUtil: -hashfile command completed successfully.
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).

View file

@ -22,7 +22,7 @@ global:
copyright: Propriété intellectuelle
edit: Modifier cette page
untranslated: Cette page n'a pas encore été traduite. Si vous voulez aider à la traduire, voyez le
titles:
index: Accueil
whatismonero: Qu'est-ce que Monero ?
@ -55,7 +55,7 @@ titles:
ffs-ot: Taches Ouvertes
ffs-wip: Travail en Cours
blogbytag: Blog par Tag
index:
page_title: "Monero - sécurisé, confidentiel, intracable"
@ -141,7 +141,7 @@ downloads:
blockchain1: Si vous préférez utiliser une amorce de la chaîne de blocs, plutôt que de synchroniser à partir de zéro, vous pouvez
blockchain2: utiliser ce lien pour obtenir l'amorce la plus récente.
blockchain3: Il est cependant habituellement plus rapide de synchroniser à partir de zéro, et cela consomme également nettement moins de RAM (l'import est particulièrement gourmand).
hardware1: La communauté Monero vient de financer un
hardware1: La communauté Monero vient de financer un
hardware2: Portefeuille Matériel Dédié
hardware3: qui est en cours d'avancement. De même, Ledger travail sur une
hardware4: intégration de Monero dans leurs portefeuilles matériels.
@ -297,7 +297,7 @@ using:
generate_para1: Vous devez posséder un portefeuille Monero pour sécurisé vos fonds. Regardez la page
generate_para2: Téléchargements
generate_para3: pour trouver une liste des portefeuilles disponibles.
generate_para4: La façon la plus simple de faire fonctionner un nœud Monero, sans affecter votre bande passante, est de louer un VPS (Virtual Private Server). Nous recommandons fortement d'utiliser
generate_para4: La façon la plus simple de faire fonctionner un nœud Monero, sans affecter votre bande passante, est de louer un VPS (Virtual Private Server). Nous recommandons fortement d'utiliser
generate_para5: avec le code de réduction
generate_para6: afin d'obtenir une réduction supplémentaire sur leur tarif déjà abordable de VPS à 6$ par mois. En utilisant ce code de réduction et/ou
generate_para7: notre lien affilié
@ -352,8 +352,8 @@ about:
privacy_para: Monero prend la confidentialité très au sérieux. Monero doit pouvoir protéger ses utilisateurs devant une cours de justice, ou dans les cas les plus extrêmes, de la peine de mort. Ce niveau de confidentialité doit être accessible à tous les utilisateurs, qu'ils disposent ou non de compétences techniques et aient ou non la moindre idée du fonctionnement interne de Monero. Un utilisateur doit pouvoir être en totale confiance avec Monero de sorte qu'il ne puisse se sentir contraint à modifier ses habitudes de paiement de peur que d'autres ne s'en rendent compte.
decentralization: Décentralisation
decentralization_para: Monero s'engage à fournir le maximum de décentralisation possible. Avec Monero, vous n'avez besoin de faire confiance à personne sur le réseau, et il n'est géré par aucun grand groupe. Un algorithme de « Preuve de Travail » (Proof of Work) accessible facilite l'extraction minière de Monero sur des ordinateurs normaux, ce qui rend plus difficile l'achat d'une grande quantité de puissance minière. Les nœuds se connectent les uns aux autres grâce à I2P pour réduire les risques de révélation des informations sensibles sur les transactions et de censure (disponible bientôt). Les décisions de développement sont extrêmement claires et ouvertes à discussion publique. Les compte-rendus des réunions des développeurs sont intégralement publiés en ligne et disponibles publiquement.
developer-guides:
translated: "yes"
outdated: Attention, les guides ci-dessous sont actuellement obsolètes, mais sont considérés comme de bons points de départ pour la plupart des appels de procédures distantes.
@ -373,6 +373,7 @@ user-guides:
import-blockchain: Importer la chaîne de blocs Monero
monero-tools: Outils Monero
purchasing-storing: Acheter et Conserver Monero en toute sécurité
verify-allos: Vérifier des binaires sur Linux, Mac ou Windows en ligne de commande (avancé)
verify-windows: Vérifier des binaires sur Windows (Débutant)
mine-on-pool: Comment miner sur un pool avec xmr-stak-cpu
solo-mine: Comment miner en solo avec la GUI
@ -398,8 +399,8 @@ research-lab:
translated: "yes"
intro: Monero ne s'engage pas seulement à créer une monnaie fongible, mais également à continuer la recherche dans le domaine de la confidentialité financière qu'impliquent les cryptomonnaies. Vous trouverez ci-dessous le résultat du travail de notre Laboratoire de Recherche Monero, d'autres rapports s'y ajouterons.
mrl_papers: Rapports du Laboratoire de Recherche Monero
abstract: Résumé
introduction: Introduction
abstract: Résumé
introduction: Introduction
read-paper: Lire le rapport complet (en Anglais)
mrl1: Rapport des réaction de la chaine à la traçabilité dans CryptoNote 2.0
mrl1_abstract: Ce bulletin de recherche décrit une attaque plausible sur un système anonyme basé sur les signatures de cercle. Nous nous appuyons sur le protocol de cryptomonnaie CryptoNote 2.0 apparemment publié par Nicolas van Saberhagen en 2012. Il a déjà été démontré que l'intraçabilité obscurcissant une pair de clefs à usage unique peut être dépendant de l'intraçabilité de toutes les clefs utilisées dans la composition de cette signature de cercle. Cela rend possible des réactions en chaine de la traçabilité entre les signatures de cercle, pouvant causer une réduction drastique de l'intraçabilité de l'ensemble du réseau si les paramètres sont piètrement choisis et si un attaquant possède un pourcentage suffisant du réseau. Les signatures sont cependant toujours à usage unique, et une telle attaque ne permettrait pas nécessairement de violer l'anonymat des utilisateurs. Cependant, une telle attaque pourrait potentiellement réduire la résistance dont fait preuve CryptoNote contre l'analyse de la chaîne de blocs. Ce bulletin de recherche n'a pas fait l'objet d'un examen par des tiers, et ne reflète que les résultats d'investigations internes.
@ -427,7 +428,7 @@ blog:
author: Publiés par
date: Publiés à
forum: Cliquer ici pour participer à la discussion de cet entrée sur le Forum Monero
tags:
all: Articles par Tag
notags: Il n'y a aucun post pour ce tag.

View file

@ -0,0 +1,184 @@
{% include untranslated.html %}
# Binary Verification: Linux, Mac, or Windows Using CLI Tools (Advanced)
Verification of the Monero binary files should be done prior to extracting, installing, or using the Monero software. This is the only way to ensure that you are using the official Monero software. If you receive a fake Monero binary (eg. phishing, MITM, etc.), following this guide will protect you from being tricked into using it.
To protect the integrity of the binaries the Monero team provides a cryptographically signed list of all the [SHA256](https://en.wikipedia.org/wiki/SHA-2) hashes. If your downloaded binary has been tampered with it will be produce a [different hash](https://en.wikipedia.org/wiki/File_verification) than the one in the file.
This is an advanced guide for Linux, Mac, or Windows operating systems and will make use of the command line. It will walk you through the process of installing the required software, importing the signing key, downloading the necessary files, and finally verifying that your binary is authentic.
## Table of Contents:
### [1. Install GnuPG](#1-installing-gnupg)
### [2. Verify & Import Signing Key](#2-verify-and-import-signing-key)
+ [2.1. Get Signing Key](#21-get-signing-key)
+ [2.2. Verify Signing key](#22-verify-signing-key)
+ [2.3. Import Signing key](#23-import-signing-key)
### [3. Download & Verify Hash File](#3-download-and-verify-hash-file)
+ [3.1. Get Hash File](#31-get-hash-file)
+ [3.2. Verify Hash File](#32-verify-hash-file)
### [4. Download & Verify Binary](#4-download-and-verify-binary)
+ [4.1. Get Monero Binary](#41-get-monero-binary)
+ [4.2. Binary Verification on Linux or Mac](#42-binary-verification-on-linux-or-mac)
+ [4.3. Binary Verification on Windows](#43-binary-verification-on-windows)
## 1. Installing GnuPG
+ On Windows, go to the [Gpg4win download page](https://gpg4win.org/download.html) and follow the instructions for installation.
+ On Mac, go to the [Gpgtools download page](https://gpgtools.org/) and follow the instructions for installation.
+ On Linux, GnuPG is installed by default.
## 2. Verify and Import Signing Key
This section will cover getting the Monero signing key, making sure it is correct, and importing the key to GnuPG.
### 2.1. Get Signing Key
On Windows or Mac, go to [Fluffypony's GPG key](https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc), which he uses to sign the Monero binaries, and save the page as `fluffypony.asc` to your home directory.
On Linux, you can download Fluffypony's signing key by issuing the following command:
```
wget -O fluffypony.asc https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc
```
### 2.2. Verify Signing Key
On all operating systems, check the fingerprint of `fluffypony.asc` by issuing the following command in a terminal:
```
gpg --keyid-format long --with-fingerprint fluffypony.asc
```
Verify the fingerprint matches:
```
pub 2048R/7455C5E3C0CDCEB9 2013-04-08 Riccardo Spagni <ric@spagni.net>
Key fingerprint = BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
sub 2048R/55432DF31CCD4FCD 2013-04-08
```
If the fingerprint **DOES** match, then you may proceed.
If the fingerprint **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the file `fluffypony.asc` and go back to [section 2.1](#21-get-signing-key).
### 2.3. Import Signing Key
From a terminal, import the signing key:
```
gpg --import fluffypony.asc
```
If this is the first time you have imported the key, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: 2 signatures not checked due to missing keys
gpg: key 0x7455C5E3C0CDCEB9: public key "Riccardo Spagni <ric@spagni.net>" importe
d
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
```
If you have imported the key previously, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: "Riccardo Spagni <ric@spagni.net>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
```
## 3. Download and Verify Hash File
This section will cover downloading the hash file and verifying its authenticity.
### 3.1. Get Hash File
On Windows or Mac, go to the [hashes file on getmonero.org](https://getmonero.org/downloads/hashes.txt) and save the page as `hashes.txt` to your home directory.
On Linux, you can download the signed hashes file by issuing the following command:
```
wget -O hashes.txt https://getmonero.org/downloads/hashes.txt
```
### 3.2. Verify Hash File
The hash file is signed with key `94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD`, which is a subkey of key `BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9` (as reflected in the output below).
On all operating systems, verify the signature of the hash file by issuing the following command in a terminal:
```
gpg --verify hashes.txt
```
If the file is authentic, the output will look like this:
```
gpg: Signature made Thu 05 Apr 2018 06:07:35 AM MDT
gpg: using RSA key 94B738DD350132F5ACBEEA1D55432DF31CCD4FCD
gpg: Good signature from "Riccardo Spagni <ric@spagni.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
Subkey fingerprint: 94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD
```
If your output shows **Good signature**, as in the example, then you may proceed.
If you see **BAD signature** in the output, **DO NOT CONTINUE.** Instead delete the file `hashes.txt` and go back to [section 3.1](#31-get-hash-file).
## 4. Download and Verify Binary
This section will cover downloading the Monero binary for your operating system, getting the `SHA256` hash of your download, and verifying that it is correct.
### 4.1. Get Monero binary
On Windows or Mac, go to [getmonero.org](https://getmonero.org/downloads/) and download the correct file for your operating system. Save the file to your home directory. **Do not extract the files yet.**
On Linux, you can download the command line tools by issuing the following command:
```
wget -O monero-linux-x64-v0.12.0.0.tar.bz2 https://downloads.getmonero.org/cli/linux64
```
### 4.2. Binary Verification on Linux or Mac
The steps for both Linux and Mac are the same. From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Linux, 64bit` GUI binary. Substitute `monero-gui-linux-x64-v0.12.0.0.tar.bz2` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
shasum -a 256 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
fb0f43387b31202f381c918660d9bc32a3d28a4733d391b1625a0e15737c5388 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).
### 4.3. Binary Verification on Windows
From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Windows, 64bit` GUI binary. Substitute `monero-gui-win-x64-v0.12.0.0.zip` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
certUtil -hashfile monero-gui-win-x64-v0.12.0.0.zip SHA256
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
SHA256 hash of file monero-gui-win-x64-v0.12.0.0.zip:
4b 9f 31 68 6e ca ad 97 cd b1 75 e6 57 4b f3 07 f8 d1 c4 10 42 78 25 f4 30 4c 21 da 8a ac 18 64
CertUtil: -hashfile command completed successfully.
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).

View file

@ -21,7 +21,7 @@ global:
privacy: Privacy
copyright: Copyright
untranslated: Questa pagina non è ancora stata tradotta. Se vuoi aiutare a tradurla vedi il
titles:
index: Home
whatismonero: Cos'è Monero (XMR)?
@ -54,7 +54,7 @@ titles:
ffs-ot: Task aperti
ffs-wip: Lavori in Corso
blogbytag: Blog per Tag
index:
page_title: "Monero - sicuro, privato, non tracciabile"
@ -105,7 +105,7 @@ hangouts:
merchants:
translated: "no"
intro1: Merchants of all kinds have come to value the financial privacy that Monero brings. Below is a list of the merchants that we know of that currently accept Monero for their goods and services. If a company no longer accepts Monero or you would like your business to be listed, please
intro1: Merchants of all kinds have come to value the financial privacy that Monero brings. Below is a list of the merchants that we know of that currently accept Monero for their goods and services. If a company no longer accepts Monero or you would like your business to be listed, please
intro2: open a GitHub issue and let us know.
disclaimer: |
"Please note: these links are being provided as a convenience and for informational purposes only; they do not constitute an endorsement by the Monero community of any products, services or opinions of the corporations or organizations or individuals listed. The Monero community bears no responsibility for the accuracy, legality, or content of these external sites. Contact the external site for answers to questions regarding its content. As always, caveat emptor ('buyer beware'); you are responsible for doing your own research. Always use judgement when making online purchases."
@ -177,7 +177,7 @@ accepting:
translated: "yes"
title: Istruzioni per l'interfaccia a riga di comando (CLI)
basics: Le Basi
basics_para1: Monero lavora in modo leggermente diverso rispetto a quanto sei stato/a abituato/a con le altre @criptovalute. Nel caso di una moneta digitale come Bitcoin e le sue innumerevoli derivate, i sistemi di pagamento dei venditori in genere creano un nuovo indirizzo di destinazione per ogni pagamento o cliente.
basics_para1: Monero lavora in modo leggermente diverso rispetto a quanto sei stato/a abituato/a con le altre @criptovalute. Nel caso di una moneta digitale come Bitcoin e le sue innumerevoli derivate, i sistemi di pagamento dei venditori in genere creano un nuovo indirizzo di destinazione per ogni pagamento o cliente.
basics_para2: Invece, dal momento che Monero fornisce gli @indirizzi-stealth, non c'è alcun bisogno di gestire indirizzi di destinazione separati per ogni pagamento o cliente, e può essere reso noto solamente un indirizzo di pagamento per tutti. Al momento di ricevere un pagamento, il venditore fornirà al cliente un "ID pagamento".
basics_para3: "Un @ID-pagamento è una stringa esadecimale lunga 64 caratteri ed è generalmente creata in modo casuale dal venditore. Un esempio di ID pagamento è:"
checking: Controllare lo stato di un pagamento in monero-wallet-cli
@ -187,9 +187,9 @@ accepting:
receiving: Ricevere un pagamento passo dopo passo
receiving_list1: Genera una stringa casuale di 64 caratteri esadecimali per il pagamento (ID pagamento)
receiving_list2: Comunica l'ID pagamento generato nonché il tuo indirizzo Monero a chi vuole effettuare un pagamento
receiving_list3: A seguito del pagamento, controlla il suo stato usando il comando "payments" in monero-wallet-cli
receiving_list3: A seguito del pagamento, controlla il suo stato usando il comando "payments" in monero-wallet-cli
program: Controllare lo stato di un pagamento in modo programmatico
program_para1: Per controllare lo stato dei pagamenti in modo programmatico puoi utilizzare le chiamate API JSON RPC get_payments o get_bulk_payments.
program_para1: Per controllare lo stato dei pagamenti in modo programmatico puoi utilizzare le chiamate API JSON RPC get_payments o get_bulk_payments.
program_para2: richiede un parametro payment_id con un ID pagamento singolo.
program_para3: questo è il metodo da preferire e richiede due parametri, payment_ids (un array JSON di più ID pagamento) e un parametro opzionale min_block_height (l'altezza del blocco da cui iniziare la scansione).
program_para4: |
@ -212,7 +212,7 @@ contributing:
develop_para3: e i
develop_para4: problemi in sospeso..
full-node: Esegui un nodo locale
full-node_para: Esegui monerod con la porta 18080 aperta. Far girare un nodo locale assicura la massima privacy nelle transazioni Monero. La presenza del tuo nodo locale sulla rete migliora inoltre la distribuzione della blockchain ai nuovi utenti.
full-node_para: Esegui monerod con la porta 18080 aperta. Far girare un nodo locale assicura la massima privacy nelle transazioni Monero. La presenza del tuo nodo locale sulla rete migliora inoltre la distribuzione della blockchain ai nuovi utenti.
mine: Mina
mine_para1: Il mining assicura che la rete Monero resti decentralizzata e sicura. Il mining in background può essere attivato usando sia l'interfaccia grafica sia quella a riga di comando di Monero. Ulteriori informazioni sul mining (in lingua inglese) possono essere trovate
mine_para2: qui.
@ -259,7 +259,7 @@ faq:
a11: La fungibilità è una semplice proprietà di una moneta secondo cui non esistono differenze fra due unità monetarie. Se due persone si scambiano una moneta da 10 per due da 5, nessuno perde nulla. Supponiamo però che tutti siano a conoscenza del fatto che la moneta da 10 è stata usata precedentemente in un attacco ransomware. La persona che cede le due monete da 5 per quella da 10 sarebbe ancora disposta ad effettuare il cambio? Probabilmente no, anche se la persona che possiede la moneta da 10 non ha nulla a che vedere con l'attacco ransomware. Questo è un problema, dal momento che chi riceve denaro deve costantemente controllare che il denaro ricevuto non sia "segnato". Monero è fungibile, il che significa che chi lo utilizza non ha bisogno di effettuare questi controlli.
q12: Se Monero è così privato come facciamo ad essere sicuri che non venga creata moneta dal nulla?
a12-1: In Monero, ogni output della transazione è associato in modo univoco con un'immagine chiave (key image) che può essere generata solamente dal detentore di quell'output. Immagini chiave che sono usate più di una volta vengono rigettate dai minatori in quanto ritenute tentativi di double-spending e non possono essere aggiunte ad un blocco valido. Quando la rete riceve una nuova transazione, i minatori verificano che l'immagine chiave associata alla transazione non esista già e non sia già stata associata ad una transazione precedente per assicurarsi che non si tratti di un double-spend.
a12-2: E' anche possibile verificare la validità dell'ammontare della transazione anche se il valore degli input che si stanno spendendo ed il valore degli output che si stanno inviando sono cifrati (offuscati per tutti tranne che per il destinatario della transazione). Poiché l'ammontare è cifrato mediante l'utilizzo dei "Pedersen commitment", gli osservatori, seppur non in grado di risalire all'ammontare della transazione, tramite la matematica alla base dei "Pedersen commitment" sono in grado di verificare che non vengano creati Monero dal nulla.
a12-2: E' anche possibile verificare la validità dell'ammontare della transazione anche se il valore degli input che si stanno spendendo ed il valore degli output che si stanno inviando sono cifrati (offuscati per tutti tranne che per il destinatario della transazione). Poiché l'ammontare è cifrato mediante l'utilizzo dei "Pedersen commitment", gli osservatori, seppur non in grado di risalire all'ammontare della transazione, tramite la matematica alla base dei "Pedersen commitment" sono in grado di verificare che non vengano creati Monero dal nulla.
a12-3: Fintanto che la somma degli output cifrati è uguale alla somma degli input cifrati che vengono spesi (la somma degli output include un output per il destinatario, il resto verso chi ha iniziato la transazione e la commissione non cifrata per la transazione), la transazione è considerata legittima e nessun Monero viene creato dal nulla. I "Pedersen commitment" consentono la verifica di uguaglianza delle somme in ingresso e in uscita della transazione senza conoscere i valori che singolarmente sono indeterminabili.
mining:
@ -352,8 +352,8 @@ about:
privacy_para: Monero takes privacy seriously. Monero needs to be able to protect users in a court of law and, in extreme cases, from the death penalty. This level of privacy must be completely accessible to all users, whether they are technologically competent or have no idea how Monero works. A user needs to confidently trust Monero in a way that this person does not feel pressured into changing their spending habits for risk of others finding out.
decentralization: Decentralization
decentralization_para: Monero is committed to providing the maximum amount of decentralization. With Monero, you do not have to trust anyone else on the network, and it is not run by any large group. An accessible “Proof of Work” algorithm makes it easy to mine Monero on normal computers, which makes it more difficult for someone to purchase a large amount of mining power. Nodes connect to each other with I2P to lower the risks of revealing sensitive transaction information and censorship (tba). Development decisions are extremely clear and open to public discussion. Developer meeting logs are published online in their entirety and visible by all.
developer-guides:
translated: "no"
outdated: "Please note: the guides below are currently out of date, but are considered a good starting point for most calls."
@ -373,6 +373,7 @@ user-guides:
import-blockchain: Importing the Monero blockchain
monero-tools: Monero Tools
purchasing-storing: Securely purchasing and storing Monero
verify-allos: Verify binaries on Linux, Mac, or Windows command line (advanced)
verify-windows: Verify binaries on Windows (beginner)
mine-on-pool: How to mine on a pool with xmr-stak-cpu
solo-mine: How to solo mine with the GUI
@ -427,7 +428,7 @@ blog:
author: Postato da
date: Postato su
forum: Clicca qui per unirti alla discussione per questa voce sul Forum Monero
tags:
all: Articoli per Tag
notags: Non ci sono post con questo tag.

View file

@ -0,0 +1,184 @@
{% include untranslated.html %}
# Binary Verification: Linux, Mac, or Windows Using CLI Tools (Advanced)
Verification of the Monero binary files should be done prior to extracting, installing, or using the Monero software. This is the only way to ensure that you are using the official Monero software. If you receive a fake Monero binary (eg. phishing, MITM, etc.), following this guide will protect you from being tricked into using it.
To protect the integrity of the binaries the Monero team provides a cryptographically signed list of all the [SHA256](https://en.wikipedia.org/wiki/SHA-2) hashes. If your downloaded binary has been tampered with it will be produce a [different hash](https://en.wikipedia.org/wiki/File_verification) than the one in the file.
This is an advanced guide for Linux, Mac, or Windows operating systems and will make use of the command line. It will walk you through the process of installing the required software, importing the signing key, downloading the necessary files, and finally verifying that your binary is authentic.
## Table of Contents:
### [1. Install GnuPG](#1-installing-gnupg)
### [2. Verify & Import Signing Key](#2-verify-and-import-signing-key)
+ [2.1. Get Signing Key](#21-get-signing-key)
+ [2.2. Verify Signing key](#22-verify-signing-key)
+ [2.3. Import Signing key](#23-import-signing-key)
### [3. Download & Verify Hash File](#3-download-and-verify-hash-file)
+ [3.1. Get Hash File](#31-get-hash-file)
+ [3.2. Verify Hash File](#32-verify-hash-file)
### [4. Download & Verify Binary](#4-download-and-verify-binary)
+ [4.1. Get Monero Binary](#41-get-monero-binary)
+ [4.2. Binary Verification on Linux or Mac](#42-binary-verification-on-linux-or-mac)
+ [4.3. Binary Verification on Windows](#43-binary-verification-on-windows)
## 1. Installing GnuPG
+ On Windows, go to the [Gpg4win download page](https://gpg4win.org/download.html) and follow the instructions for installation.
+ On Mac, go to the [Gpgtools download page](https://gpgtools.org/) and follow the instructions for installation.
+ On Linux, GnuPG is installed by default.
## 2. Verify and Import Signing Key
This section will cover getting the Monero signing key, making sure it is correct, and importing the key to GnuPG.
### 2.1. Get Signing Key
On Windows or Mac, go to [Fluffypony's GPG key](https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc), which he uses to sign the Monero binaries, and save the page as `fluffypony.asc` to your home directory.
On Linux, you can download Fluffypony's signing key by issuing the following command:
```
wget -O fluffypony.asc https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc
```
### 2.2. Verify Signing Key
On all operating systems, check the fingerprint of `fluffypony.asc` by issuing the following command in a terminal:
```
gpg --keyid-format long --with-fingerprint fluffypony.asc
```
Verify the fingerprint matches:
```
pub 2048R/7455C5E3C0CDCEB9 2013-04-08 Riccardo Spagni <ric@spagni.net>
Key fingerprint = BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
sub 2048R/55432DF31CCD4FCD 2013-04-08
```
If the fingerprint **DOES** match, then you may proceed.
If the fingerprint **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the file `fluffypony.asc` and go back to [section 2.1](#21-get-signing-key).
### 2.3. Import Signing Key
From a terminal, import the signing key:
```
gpg --import fluffypony.asc
```
If this is the first time you have imported the key, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: 2 signatures not checked due to missing keys
gpg: key 0x7455C5E3C0CDCEB9: public key "Riccardo Spagni <ric@spagni.net>" importe
d
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
```
If you have imported the key previously, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: "Riccardo Spagni <ric@spagni.net>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
```
## 3. Download and Verify Hash File
This section will cover downloading the hash file and verifying its authenticity.
### 3.1. Get Hash File
On Windows or Mac, go to the [hashes file on getmonero.org](https://getmonero.org/downloads/hashes.txt) and save the page as `hashes.txt` to your home directory.
On Linux, you can download the signed hashes file by issuing the following command:
```
wget -O hashes.txt https://getmonero.org/downloads/hashes.txt
```
### 3.2. Verify Hash File
The hash file is signed with key `94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD`, which is a subkey of key `BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9` (as reflected in the output below).
On all operating systems, verify the signature of the hash file by issuing the following command in a terminal:
```
gpg --verify hashes.txt
```
If the file is authentic, the output will look like this:
```
gpg: Signature made Thu 05 Apr 2018 06:07:35 AM MDT
gpg: using RSA key 94B738DD350132F5ACBEEA1D55432DF31CCD4FCD
gpg: Good signature from "Riccardo Spagni <ric@spagni.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
Subkey fingerprint: 94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD
```
If your output shows **Good signature**, as in the example, then you may proceed.
If you see **BAD signature** in the output, **DO NOT CONTINUE.** Instead delete the file `hashes.txt` and go back to [section 3.1](#31-get-hash-file).
## 4. Download and Verify Binary
This section will cover downloading the Monero binary for your operating system, getting the `SHA256` hash of your download, and verifying that it is correct.
### 4.1. Get Monero binary
On Windows or Mac, go to [getmonero.org](https://getmonero.org/downloads/) and download the correct file for your operating system. Save the file to your home directory. **Do not extract the files yet.**
On Linux, you can download the command line tools by issuing the following command:
```
wget -O monero-linux-x64-v0.12.0.0.tar.bz2 https://downloads.getmonero.org/cli/linux64
```
### 4.2. Binary Verification on Linux or Mac
The steps for both Linux and Mac are the same. From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Linux, 64bit` GUI binary. Substitute `monero-gui-linux-x64-v0.12.0.0.tar.bz2` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
shasum -a 256 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
fb0f43387b31202f381c918660d9bc32a3d28a4733d391b1625a0e15737c5388 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).
### 4.3. Binary Verification on Windows
From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Windows, 64bit` GUI binary. Substitute `monero-gui-win-x64-v0.12.0.0.zip` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
certUtil -hashfile monero-gui-win-x64-v0.12.0.0.zip SHA256
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
SHA256 hash of file monero-gui-win-x64-v0.12.0.0.zip:
4b 9f 31 68 6e ca ad 97 cd b1 75 e6 57 4b f3 07 f8 d1 c4 10 42 78 25 f4 30 4c 21 da 8a ac 18 64
CertUtil: -hashfile command completed successfully.
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).

View file

@ -22,7 +22,7 @@ global:
copyright: Prawa autorskie
edit: Edytuj tę stronę
untranslated: Ta strona jeszcze nie została przetłumaczona. Jeśli chcesz pomóc w jej tłumaczeniu, przejdź do
titles:
index: Start
whatismonero: Czym jest Monero (XMR)?
@ -55,7 +55,7 @@ titles:
ffs-ot: Zadania otwarte
ffs-wip: Prace w toku
blogbytag: Blog po tagu
index:
page_title: "Monero - bezpieczne, prywatne, niewykrywalne"
@ -106,7 +106,7 @@ hangouts:
merchants:
translated: "yes"
intro1: Różnego rodzaju handlowcy doceniają finansową prywatność, jakiej dostarcza Monero. Poniżej znajduje się lista organizacji, o których wiemy, że akceptują Monero jako środek płatniczy za swoje produkty i usługi. Jeśli któraś z nich już nie uznaje Monero lub chciałbyś, żeby Twoja firma znalazła się na liście,
intro1: Różnego rodzaju handlowcy doceniają finansową prywatność, jakiej dostarcza Monero. Poniżej znajduje się lista organizacji, o których wiemy, że akceptują Monero jako środek płatniczy za swoje produkty i usługi. Jeśli któraś z nich już nie uznaje Monero lub chciałbyś, żeby Twoja firma znalazła się na liście,
intro2: załóż wątek na GitHub i daj nam znać.
disclaimer: "Uwaga: powyższe linki są jedynie udogodnieniem i służą tylko do celów informacyjnych; nie reprezentują one wsparcia społeczności Monero dla żadnego z produktów, usług ani opinii wymienionych organizacji lub osób. Społeczność Monero nie bierze odpowiedzialności za zgodność, legalność ani treść tych zewnętrznych stron. W przypadku wątpliwości związanych z treścią linków, skontaktuj się z właścicielami zewnętrznej strony. Jesteś odpowiedzialny za swoje wyszukiwania. Zawsze przemyśl swój internetowy zakup."
@ -118,7 +118,7 @@ team:
translated: "yes"
core: Centrum
developers: Deweloperzy
developers_para1: W Projekcie Monero wzięło udział ponad 200 twórców. Aby zobaczyć całą listę, wejdź na
developers_para1: W Projekcie Monero wzięło udział ponad 200 twórców. Aby zobaczyć całą listę, wejdź na
developers_para2: stronę twórców OpenHub.
developers_para3: Poniżej znajdziesz listę osób, które szczególnie się przyczyniły dla Monero.
community: Społeczność
@ -352,9 +352,9 @@ about:
privacy: Prywatność
privacy_para: Monero bierze prywatność na serio. Monero musi być w stanie chronić swoich użytkowników w sądzie, a także, w ekstremalnych przypadkach, od kary śmierci. Taki poziom bezpieczeństwa musi być w całości dostępny dla wszystkich użytkowników, niezależnie od tego, czy posiadają oni wiedzę technologiczną, czy nie mają pojęcia, jak działa Monero. Użytkownik powinien w zupełności ufać Monero, aby nie czuł się zobowiązany do zmiany swojego sposobu płatności pod ryzykiem zostania wykrytym przez innych.
decentralization: Decentralizacja
decentralization_para: Monero jest zobowiązane do dostarczenia maksymalnej decentralizacji. Nie musisz ufać nikomu w sieci, Monero nie jest prowadzone przez żadną dużą grupę. Dostępny algorytm dowodu pracy ułatwia wydobywanie Monero na zwykłych komputerach, co utrudnia nabycie przez jednostkę znacznej mocy wydobywczej. Węzły łączą się za pomocą sieci I2P, aby zmniejszyć ryzyko cenzury oraz ujawnienia wrażliwych informacji dotyczących transakcji. Decyzje o rozwoju są jasne i otwarte na publiczną dyskusję. Zapisy z czatów deweloperów są w całości publikowane na stronie internetowej i są widoczne dla wszystkich.
decentralization_para: Monero jest zobowiązane do dostarczenia maksymalnej decentralizacji. Nie musisz ufać nikomu w sieci, Monero nie jest prowadzone przez żadną dużą grupę. Dostępny algorytm dowodu pracy ułatwia wydobywanie Monero na zwykłych komputerach, co utrudnia nabycie przez jednostkę znacznej mocy wydobywczej. Węzły łączą się za pomocą sieci I2P, aby zmniejszyć ryzyko cenzury oraz ujawnienia wrażliwych informacji dotyczących transakcji. Decyzje o rozwoju są jasne i otwarte na publiczną dyskusję. Zapisy z czatów deweloperów są w całości publikowane na stronie internetowej i są widoczne dla wszystkich.
developer-guides:
translated: "yes"
outdated: Poniższe przewodniki są zdezaktualizowane, ale nadal są dobrym początkiem dla większości funkcji.
@ -374,13 +374,14 @@ user-guides:
import-blockchain: Importowanie łańcucha bloków Monero
monero-tools: Narzędzia Monero
purchasing-storing: Bezpieczne kupowanie i przechowywanie Monero
verify-windows:
verify-allos:
verify-windows:
mine-on-pool: Jak wydobywać w zrzeszeniu za pomocą xmr-stak-cpu
solo-mine: Jak wydobywać samemu za pomocą Graficznego Interfejsu Użytkownika
mine-docker: Wydobywanie za pomocą Dockera i XMRig
locked-funds: Jak odzyskać zablokowane fundusze
restore-account: Jak odzyskać konto
qubes:
qubes:
cli-wallet: Wprowadzenie do portfela w Interfejsie Wiersza Poleceń
remote-node-gui: Jak się połączyć ze zdalnym węzłem w portfelu Graficznego Interfejsu Użytkownika
view-only: Jak założyć portfel tylko do wyświetlania
@ -428,7 +429,7 @@ blog:
author: Opublikowane przez
date: Opublikowane o
forum: Kliknij, aby dołączyć się do dyskusji na forum Monero
tags:
all: Artykuły po tagu
notags: Nie ma wpisów z tym tagiem.

View file

@ -0,0 +1,184 @@
{% include untranslated.html %}
# Binary Verification: Linux, Mac, or Windows Using CLI Tools (Advanced)
Verification of the Monero binary files should be done prior to extracting, installing, or using the Monero software. This is the only way to ensure that you are using the official Monero software. If you receive a fake Monero binary (eg. phishing, MITM, etc.), following this guide will protect you from being tricked into using it.
To protect the integrity of the binaries the Monero team provides a cryptographically signed list of all the [SHA256](https://en.wikipedia.org/wiki/SHA-2) hashes. If your downloaded binary has been tampered with it will be produce a [different hash](https://en.wikipedia.org/wiki/File_verification) than the one in the file.
This is an advanced guide for Linux, Mac, or Windows operating systems and will make use of the command line. It will walk you through the process of installing the required software, importing the signing key, downloading the necessary files, and finally verifying that your binary is authentic.
## Table of Contents:
### [1. Install GnuPG](#1-installing-gnupg)
### [2. Verify & Import Signing Key](#2-verify-and-import-signing-key)
+ [2.1. Get Signing Key](#21-get-signing-key)
+ [2.2. Verify Signing key](#22-verify-signing-key)
+ [2.3. Import Signing key](#23-import-signing-key)
### [3. Download & Verify Hash File](#3-download-and-verify-hash-file)
+ [3.1. Get Hash File](#31-get-hash-file)
+ [3.2. Verify Hash File](#32-verify-hash-file)
### [4. Download & Verify Binary](#4-download-and-verify-binary)
+ [4.1. Get Monero Binary](#41-get-monero-binary)
+ [4.2. Binary Verification on Linux or Mac](#42-binary-verification-on-linux-or-mac)
+ [4.3. Binary Verification on Windows](#43-binary-verification-on-windows)
## 1. Installing GnuPG
+ On Windows, go to the [Gpg4win download page](https://gpg4win.org/download.html) and follow the instructions for installation.
+ On Mac, go to the [Gpgtools download page](https://gpgtools.org/) and follow the instructions for installation.
+ On Linux, GnuPG is installed by default.
## 2. Verify and Import Signing Key
This section will cover getting the Monero signing key, making sure it is correct, and importing the key to GnuPG.
### 2.1. Get Signing Key
On Windows or Mac, go to [Fluffypony's GPG key](https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc), which he uses to sign the Monero binaries, and save the page as `fluffypony.asc` to your home directory.
On Linux, you can download Fluffypony's signing key by issuing the following command:
```
wget -O fluffypony.asc https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc
```
### 2.2. Verify Signing Key
On all operating systems, check the fingerprint of `fluffypony.asc` by issuing the following command in a terminal:
```
gpg --keyid-format long --with-fingerprint fluffypony.asc
```
Verify the fingerprint matches:
```
pub 2048R/7455C5E3C0CDCEB9 2013-04-08 Riccardo Spagni <ric@spagni.net>
Key fingerprint = BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
sub 2048R/55432DF31CCD4FCD 2013-04-08
```
If the fingerprint **DOES** match, then you may proceed.
If the fingerprint **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the file `fluffypony.asc` and go back to [section 2.1](#21-get-signing-key).
### 2.3. Import Signing Key
From a terminal, import the signing key:
```
gpg --import fluffypony.asc
```
If this is the first time you have imported the key, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: 2 signatures not checked due to missing keys
gpg: key 0x7455C5E3C0CDCEB9: public key "Riccardo Spagni <ric@spagni.net>" importe
d
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
```
If you have imported the key previously, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: "Riccardo Spagni <ric@spagni.net>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
```
## 3. Download and Verify Hash File
This section will cover downloading the hash file and verifying its authenticity.
### 3.1. Get Hash File
On Windows or Mac, go to the [hashes file on getmonero.org](https://getmonero.org/downloads/hashes.txt) and save the page as `hashes.txt` to your home directory.
On Linux, you can download the signed hashes file by issuing the following command:
```
wget -O hashes.txt https://getmonero.org/downloads/hashes.txt
```
### 3.2. Verify Hash File
The hash file is signed with key `94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD`, which is a subkey of key `BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9` (as reflected in the output below).
On all operating systems, verify the signature of the hash file by issuing the following command in a terminal:
```
gpg --verify hashes.txt
```
If the file is authentic, the output will look like this:
```
gpg: Signature made Thu 05 Apr 2018 06:07:35 AM MDT
gpg: using RSA key 94B738DD350132F5ACBEEA1D55432DF31CCD4FCD
gpg: Good signature from "Riccardo Spagni <ric@spagni.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
Subkey fingerprint: 94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD
```
If your output shows **Good signature**, as in the example, then you may proceed.
If you see **BAD signature** in the output, **DO NOT CONTINUE.** Instead delete the file `hashes.txt` and go back to [section 3.1](#31-get-hash-file).
## 4. Download and Verify Binary
This section will cover downloading the Monero binary for your operating system, getting the `SHA256` hash of your download, and verifying that it is correct.
### 4.1. Get Monero binary
On Windows or Mac, go to [getmonero.org](https://getmonero.org/downloads/) and download the correct file for your operating system. Save the file to your home directory. **Do not extract the files yet.**
On Linux, you can download the command line tools by issuing the following command:
```
wget -O monero-linux-x64-v0.12.0.0.tar.bz2 https://downloads.getmonero.org/cli/linux64
```
### 4.2. Binary Verification on Linux or Mac
The steps for both Linux and Mac are the same. From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Linux, 64bit` GUI binary. Substitute `monero-gui-linux-x64-v0.12.0.0.tar.bz2` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
shasum -a 256 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
fb0f43387b31202f381c918660d9bc32a3d28a4733d391b1625a0e15737c5388 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).
### 4.3. Binary Verification on Windows
From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Windows, 64bit` GUI binary. Substitute `monero-gui-win-x64-v0.12.0.0.zip` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
certUtil -hashfile monero-gui-win-x64-v0.12.0.0.zip SHA256
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
SHA256 hash of file monero-gui-win-x64-v0.12.0.0.zip:
4b 9f 31 68 6e ca ad 97 cd b1 75 e6 57 4b f3 07 f8 d1 c4 10 42 78 25 f4 30 4c 21 da 8a ac 18 64
CertUtil: -hashfile command completed successfully.
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).

View file

@ -19,6 +19,7 @@ title: titles.userguides
<a href="{{site.baseurl}}/resources/user-guides/importing_blockchain.html">{% t user-guides.import-blockchain %}</a>
<a href="{{site.baseurl}}/resources/user-guides/monero_tools.html">{% t user-guides.monero-tools %}</a>
<a href="{{site.baseurl}}/resources/user-guides/securely_purchase.html">{% t user-guides.purchasing-storing %}</a>
<a href="{{site.baseurl}}/resources/user-guides/verification-allos-advanced.html">{% t user-guides.verify-allos %}</a>
<a href="{{site.baseurl}}/resources/user-guides/verification-windows-beginner.html">{% t user-guides.verify-windows %}</a>
</p>
</div>

View file

@ -0,0 +1,7 @@
---
layout: user-guide
title: "Binary Verification: Linux, Mac, or Windows Using CLI Tools (Advanced)"
permalink: /resources/user-guides/verification-allos-advanced.html
---
{% tf resources/user-guides/verification-allos-advanced.md %}