Decred v0.4.0 released
This repository contains the decred installer.
For the release notes, manifests, and released binary achives please go to decred-binaries.
Each release contains a manifest file with sha256 hashes for the binaries in that release. To verify these, you will need:
- SHA256 - Once you download your file(s), you need to check their SHA256 hashes, so you may need to download a tool to do this, depending on your OS.
- GnuPG or PGP - This is required to import public keys and verify signatures. Examples below use GnuPG.
The steps to verify the binaries are as follows:
- Download the file manifest, the signature for the file manifest, and the binary for your OS from here.
- Obtain the SHA256 value for the binary for your OS and check that it matches the value in the file manifest, e.g. for 64-bit Linux <code>$ sha256sum dcrinstall-linux-amd64-v0.3.0 a53004599daeab51c0e86af026748b7aa55ff9e5d4844bef3b7d8ccf8a5d72a9 dcrinstall-linux-amd64-v0.3.0 </code>
- Import the Decred Release Signing Key in GnuPG.
<code>$ gpg --keyserver pgp.mit.edu --recv-keys 0x518A031D gpg: requesting key 518A031D from hkp server pgp.mit.edu gpg: /home/user/.gnupg/trustdb.gpg: trustdb created gpg: key 7608AF04: public key "Decred Release <firstname.lastname@example.org>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) </code>
- Verify the signature for the file manifest is valid and created by
the Decred Release Signing Key.
<code>$ gpg --verify manifest-dcrinstall-v0.3.0.txt gpg: assuming signed data in `manifest-dcrinstall-v0.3.0.txt' gpg: Signature made Wed 27 Jan 2016 08:56:59 PM UTC using RSA key ID 518A031D gpg: Good signature from "Decred Release <email@example.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: FD13 B683 5E24 8FAF 4BD1 838D 6DF6 34AA 7608 AF04 Subkey fingerprint: F516 ADB7 A069 852C 7C28 A02D 6D89 7EDF 518A 031D </code>
The binary for your platform is now verified and you can be confident they were generated by the Decred team.