Verification of the Monero binary files should be done prior to extracting,installing, or using the Monero software. This is the only way to ensurethat you are using the official Monero software. If you receive a fakeMonero binary (eg. phishing, MITM, etc.), following this guide will protectyou from being tricked into using it.
Find GnuPG.org software downloads at CNET Download.com, the most comprehensive source for safe, trusted, and spyware-free downloads on the Web. Download: Graphviz.pkg. Security GnuPG 1.4.18. GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. Download: GnuPG.pkg. Widget Toolkits PyGTK 2.24.0.
- Kleopatra is a certificate manager and GUI for GnuPG. The software stores your OpenPGP certificates and keys. It is available for Windows and Linux. In association with the KMail email client, you can also take advantages of the cryptographical features for your communication via email. Donations desired.
- Gnupg-2.0.7.dmg free download. GnuPG for OSX This project provides the toolsets as well as full-featured releases of GnuPG 2.2.x for Mac OS X.
- Download Gpg Mac by admin `cp /.gnupg /.gnupg-GOOD` to save a copy of your `/.gnupg` to revert to later if needed `brew install gnupg21` to install `GnuPG 2.1` The reason for saving a copy of your `/.gnupg` dir is that GnuPG 2.1 potentially creates/changes some key data in way that isn’t backward-compatible with GnuPG 2.0.
To protect the integrity of the binaries the Monero team provides acryptographically signed list of all theSHA256 hashes. If your downloadedbinary has been tampered with it will be produce a differenthash than the one in thefile.
This is an advanced guide for Linux, Mac, or Windows operating systems andwill make use of the command line. It will walk you through the process ofinstalling the required software, importing the signing key, downloading thenecessary files, and finally verifying that your binary is authentic.
Table of Contents:
- Install GnuPG
- Verify & Import Signing Key
- Download & Verify Hash File
- Download & Verify Binary
Installing GnuPG
On Windows, go to the Gpg4win downloadpage and follow the instructions forinstallation.
On Mac, go to the Gpgtools download page andfollow the instructions for installation.
On Linux, GnuPG is installed by default.
Verify and Import Signing Key
This section will cover getting the Monero signing key, making sure it iscorrect, and importing the key to GnuPG.
Get Signing Key
On Windows or Mac, go to binaryFate's GPGkey,which he uses to sign the Monero binaries, and save the page asbinaryfate.asc to your home directory.
On Linux, you can download binaryFate's signing key by issuing the followingcommand:
Verify Signing Key
On all operating systems, check the fingerprint of binaryfate.asc byissuing the following command in a terminal:
gpg --keyid-format long --with-fingerprint binaryfate.asc
Verify the fingerprint matches:
If the fingerprint DOES match, then you may proceed.
If the fingerprint DOES NOT match, DO NOT CONTINUE. Instead deletethe file binaryfate.asc and go back to section 2.1.
Import Signing Key
From a terminal, import the signing key:
gpg --import binaryfate.asc
If this is the first time you have imported the key, the output will looklike this:
If you have imported the key previously, the output will look like this:
Download and Verify Hash File
This section will cover downloading the hash file and verifying itsauthenticity.
Get Hash File
On Windows or Mac, go to the hashes file on getmonero.org and save the page as hashes.txtto your home directory.
On Linux, you can download the signed hashes file by issuing the followingcommand:
wget -O hashes.txt https://www.getmonero.org/downloads/hashes.txt
Verify Hash File
The hash file is signed with key 81AC 591F E9C4 B65C 5806 AFC3 F0AF 4D462A0B DF92, as reflected in the output below.
On all operating systems, verify the signature of the hash file by issuingthe following command in a terminal:
gpg --verify hashes.txt
If the file is authentic, the output will look like this:
If your output shows Good signature, as in the example, then you mayproceed.
If you see BAD signature in the output, DO NOT CONTINUE. Insteaddelete the file hashes.txt and go back to section3.1.
Download and Verify Binary
This section will cover downloading the Monero binary for your operatingsystem, getting the SHA256 hash of your download, and verifying that it iscorrect.
Get Monero binary
On Windows or Mac, go to getmonero.organd download the correct file for your operating system. Save the file toyour home directory. Do not extract the files yet.
On Linux, you can download the command line tools by issuing the followingcommand:
Binary Verification on Linux or Mac
The steps for both Linux and Mac are the same. From a terminal, get theSHA256 hash of your downloaded Monero binary. As an example this guidewill use the Linux, 64bit GUI binary. Substitutemonero-gui-linux-x64-v0.15.0.1.tar.bz2 with the name of the binary thatyou downloaded in section 4.1.
Gnupg Mac Download
The output will look like this, but will be different for each binaryfile. Your SHA256 hash should match the one listed in the hashes.txtfile for your binary file.
If your hash DOES match, then you are finished with the guide! You canextract the files and install.
If your hash DOES NOT match, DO NOT CONTINUE. Instead delete thebinary you downloaded and go back to section 4.1.
Binary Verification on Windows
From a terminal, get the SHA256 hash of your downloaded Monero binary. Asan example this guide will use the Windows, 64bit GUI binary. Substitutemonero-gui-win-x64-v0.15.0.1.zip with the name of the binary that youdownloaded in section 4.1.
certUtil -hashfile monero-gui-win-x64-v0.15.0.1.zip SHA256
The output will look like this, but will be different for each binaryfile. Your SHA256 hash should match the one listed in the hashes.txtfile for your binary file.
If your hash DOES match, then you are finished with the guide! You canextract the files and install.
If your hash DOES NOT match, DO NOT CONTINUE. Instead delete thebinary you downloaded and go back to section 4.1.
20 Sep 2017NB: this post assumes a basic familiarity with PGP. I had almost none before starting, so if you follow the links I provide and spend a little while reading, you’ll be just as qualified to start hacking on this as I was.
I’ve recently become interested in using PGP for secure email communications. I run macOS 10.11 El Capitan, and I decided to install Enigmail, a simple PGP plugin for Thunderbird, to try it out.
Enigmail requires an existing installation of GnuPG. You can get it from the GPG Suite official installer, but I use Homebrew to install new packages whenever possible, to keep things centralized and streamline updates. Homebrew is smart about where it puts packages, and Enigmail is smart about where it looks for them, so this would be a seamless install (cue foreboding music). Step 1: brew install gnupg. Step 2: download and install Enigmail. Step 3: security!
Or so it seemed.
The Enigmail setup wizard successfully generated keys, but failed at the next step with: “The revocation certificate could not be created.” Revocation certificates are important, so this was a serious obstacle.
Gnupg Download Os X
While I was able to find documentation of this error elsewhere, nobody expressly answered the question of “how do you fix this on a Mac without stepping outside the Homebrew ecosystem?” After some digging, I found the problem. Here are the dependencies Homebrew installs with gnupg:
Gnupg Mac Download Torrent
Here’s the problem: pinentry is a program for authenticating to gpg-agent (the program to which GnuPG farms out passphrase entry), but it only runs at the command prompt. Enigmail is looking for a GUI authentication program. Fortunately, the Homebrew package pinentry-mac seems to be exactly that – a GUIfied verison of pinentry.
So, brew install pinentry-mac. Then, in ~/.gnupg/gpg-agent.conf, add the line pinentry-program /usr/local/bin/pinentry-mac. This points gpg-agent to the right authentication program, so that when Enigmail asks for authentication, the user is prompted to enter the password used to encrypt their private key.
Enigmail recommends testing your setup with
However, if you’ve pointed gpg-agent at pinentry-mac, you should instead run
If you see a graphic dialog box pop up, you’ve done it right – pinentry-mac is now capable of asking for your password. Restart gpg-agent (or logout and back in), and you should be able to step through the Enigmail setup wizard without any problems!
I hope this post helps you save some time, and happy encrypting! Oh, and you can find my PGP public key here.