Commit 1ee2d9b3 authored by qubenix's avatar qubenix Committed by el00ruobuob

Add advanced binary verification guide

+ Add verification-allos-advanced.md to all langs/~~template~~
+ Modify index.md of user-guides in all langs/~~template~~
parent df20dc61
......@@ -21,7 +21,7 @@ global:
privacy: Privacy
copyright: Copyright
untranslated: This page is not yet translated. If you would like to help translate it, please see the
titles:
index: Home
whatismonero: What is Monero (XMR)?
......@@ -54,10 +54,10 @@ titles:
ffs-ot: Open Tasks
ffs-wip: Work in Progress
blogbytag: Blog by Tag
index:
page_title: "Monero - secure, private, untraceable"
home:
translated: "yes"
heading2: Private Digital Currency
......@@ -105,15 +105,15 @@ hangouts:
merchants:
translated: "yes"
intro1: Merchants of all kinds have come to value the financial privacy that Monero brings. Below is a list of the merchants that we know of that currently accept Monero for their goods and services. If a company no longer accepts Monero or you would like your business to be listed, please
intro1: Merchants of all kinds have come to value the financial privacy that Monero brings. Below is a list of the merchants that we know of that currently accept Monero for their goods and services. If a company no longer accepts Monero or you would like your business to be listed, please
intro2: open a GitHub issue and let us know.
disclaimer: |
"Please note: these links are being provided as a convenience and for informational purposes only; they do not constitute an endorsement by the Monero community of any products, services or opinions of the corporations or organizations or individuals listed. The Monero community bears no responsibility for the accuracy, legality, or content of these external sites. Contact the external site for answers to questions regarding its content. As always, caveat emptor ('buyer beware'); you are responsible for doing your own research. Always use judgement when making online purchases."
sponsorships:
translated: "yes"
intro: The following businesses have supported the Monero Project in its goal to bring financial privacy to the world. We couldn't be more grateful for their contributions. If you would like to sponsor the Monero Project and be listed on this page, please send an email to [email protected]
team:
translated: "yes"
core: Core
......@@ -131,7 +131,7 @@ downloads:
sourceblockchain: Source & Blockchain
mobilelight: Mobile & Light
hardware: Hardware
intro1: If you need help choosing the correct application, please click
intro1: If you need help choosing the correct application, please click
intro2: here
intro3: for a quick answer, then select the appropriate release for your operating system below.
note1: "Note: the SHA256 hashes are listed by the downloads for convenience, but a GPG-signed list of the hashes is at"
......@@ -159,7 +159,7 @@ monero-project:
press-kit:
translated: "yes"
intro1: Here you'll find the Monero symbol and logo below. You can choose any size that you want, or download the .ai file to mess with the logo yourself.
intro1: Here you'll find the Monero symbol and logo below. You can choose any size that you want, or download the .ai file to mess with the logo yourself.
intro2: Note that the white background options have a white background under the Monero symbol ONLY, not as a background to the whole image.
intro3: Lastly, you can download everything on this page in one zip file by clicking
intro4: here.
......@@ -352,8 +352,8 @@ about:
privacy_para: Monero takes privacy seriously. Monero needs to be able to protect users in a court of law and, in extreme cases, from the death penalty. This level of privacy must be completely accessible to all users, whether they are technologically competent or have no idea how Monero works. A user needs to confidently trust Monero in a way that this person does not feel pressured into changing their spending habits for risk of others finding out.
decentralization: Decentralization
decentralization_para: Monero is committed to providing the maximum amount of decentralization. With Monero, you do not have to trust anyone else on the network, and it is not run by any large group. An accessible “Proof of Work” algorithm makes it easy to mine Monero on normal computers, which makes it more difficult for someone to purchase a large amount of mining power. Nodes connect to each other with I2P to lower the risks of revealing sensitive transaction information and censorship (tba). Development decisions are extremely clear and open to public discussion. Developer meeting logs are published online in their entirety and visible by all.
developer-guides:
translated: "yes"
outdated: "Please note: the guides below are currently out of date, but are considered a good starting point for most calls."
......@@ -373,6 +373,7 @@ user-guides:
import-blockchain: Importing the Monero blockchain
monero-tools: Monero Tools
purchasing-storing: Securely purchasing and storing Monero
verify-allos: Verify binaries on Linux, Mac, or Windows command line (advanced)
verify-windows: Verify binaries on Windows (beginner)
mine-on-pool: How to mine on a pool with xmr-stak-cpu
solo-mine: How to solo mine with the GUI
......@@ -418,7 +419,7 @@ research-lab:
annotated_para: The Monero Research Lab released an annotated version of the cryptonote whitepaper. This is sort of like an informal review of the claims that are made line-by-line of the whitepaper. It also explains some of the harder concepts in relatively easy to understand terms.
brandon: Brandon Goodell's Whitepaper Review
brandon_para: This paper is a formal review of the original cryptonote paper by MRL researcher Brandon Goodell. He takes an in-depth look at the claims and mathematics presented in the cryptonote paper.
blog:
title_1: All
......@@ -428,7 +429,7 @@ blog:
author: Posted by
date: Posted at
forum: Click here to join the discussion for this entry on the Monero Forum
tags:
all: Articles by Tag
notags: There are no posts for this tag.
# Binary Verification: Linux, Mac, or Windows Using CLI Tools (Advanced)
Verification of the Monero binary files should be done prior to extracting, installing, or using the Monero software. This is the only way to ensure that you are using the official Monero software. If you receive a fake Monero binary (eg. phishing, MITM, etc.), following this guide will protect you from being tricked into using it.
To protect the integrity of the binaries the Monero team provides a cryptographically signed list of all the [SHA256](https://en.wikipedia.org/wiki/SHA-2) hashes. If your downloaded binary has been tampered with it will be produce a [different hash](https://en.wikipedia.org/wiki/File_verification) than the one in the file.
This is an advanced guide for Linux, Mac, or Windows operating systems and will make use of the command line. It will walk you through the process of installing the required software, importing the signing key, downloading the necessary files, and finally verifying that your binary is authentic.
## Table of Contents:
### [1. Install GnuPG](#1-installing-gnupg)
### [2. Verify & Import Signing Key](#2-verify-and-import-signing-key)
+ [2.1. Get Signing Key](#21-get-signing-key)
+ [2.2. Verify Signing key](#22-verify-signing-key)
+ [2.3. Import Signing key](#23-import-signing-key)
### [3. Download & Verify Hash File](#3-download-and-verify-hash-file)
+ [3.1. Get Hash File](#31-get-hash-file)
+ [3.2. Verify Hash File](#32-verify-hash-file)
### [4. Download & Verify Binary](#4-download-and-verify-binary)
+ [4.1. Get Monero Binary](#41-get-monero-binary)
+ [4.2. Binary Verification on Linux or Mac](#42-binary-verification-on-linux-or-mac)
+ [4.3. Binary Verification on Windows](#43-binary-verification-on-windows)
## 1. Installing GnuPG
+ On Windows, go to the [Gpg4win download page](https://gpg4win.org/download.html) and follow the instructions for installation.
+ On Mac, go to the [Gpgtools download page](https://gpgtools.org/) and follow the instructions for installation.
+ On Linux, GnuPG is installed by default.
## 2. Verify and Import Signing Key
This section will cover getting the Monero signing key, making sure it is correct, and importing the key to GnuPG.
### 2.1. Get Signing Key
On Windows or Mac, go to [Fluffypony's GPG key](https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc), which he uses to sign the Monero binaries, and save the page as `fluffypony.asc` to your home directory.
On Linux, you can download Fluffypony's signing key by issuing the following command:
```
wget -O fluffypony.asc https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc
```
### 2.2. Verify Signing Key
On all operating systems, check the fingerprint of `fluffypony.asc` by issuing the following command in a terminal:
```
gpg --keyid-format long --with-fingerprint fluffypony.asc
```
Verify the fingerprint matches:
```
pub 2048R/7455C5E3C0CDCEB9 2013-04-08 Riccardo Spagni <[email protected]>
Key fingerprint = BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
sub 2048R/55432DF31CCD4FCD 2013-04-08
```
If the fingerprint **DOES** match, then you may proceed.
If the fingerprint **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the file `fluffypony.asc` and go back to [section 2.1](#21-get-signing-key).
### 2.3. Import Signing Key
From a terminal, import the signing key:
```
gpg --import fluffypony.asc
```
If this is the first time you have imported the key, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: 2 signatures not checked due to missing keys
gpg: key 0x7455C5E3C0CDCEB9: public key "Riccardo Spagni <[email protected]>" importe
d
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
```
If you have imported the key previously, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: "Riccardo Spagni <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
```
## 3. Download and Verify Hash File
This section will cover downloading the hash file and verifying its authenticity.
### 3.1. Get Hash File
On Windows or Mac, go to the [hashes file on getmonero.org](https://getmonero.org/downloads/hashes.txt) and save the page as `hashes.txt` to your home directory.
On Linux, you can download the signed hashes file by issuing the following command:
```
wget -O hashes.txt https://getmonero.org/downloads/hashes.txt
```
### 3.2. Verify Hash File
The hash file is signed with key `94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD`, which is a subkey of key `BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9` (as reflected in the output below).
On all operating systems, verify the signature of the hash file by issuing the following command in a terminal:
```
gpg --verify hashes.txt
```
If the file is authentic, the output will look like this:
```
gpg: Signature made Thu 05 Apr 2018 06:07:35 AM MDT
gpg: using RSA key 94B738DD350132F5ACBEEA1D55432DF31CCD4FCD
gpg: Good signature from "Riccardo Spagni <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
Subkey fingerprint: 94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD
```
If your output shows **Good signature**, as in the example, then you may proceed.
If you see **BAD signature** in the output, **DO NOT CONTINUE.** Instead delete the file `hashes.txt` and go back to [section 3.1](#31-get-hash-file).
## 4. Download and Verify Binary
This section will cover downloading the Monero binary for your operating system, getting the `SHA256` hash of your download, and verifying that it is correct.
### 4.1. Get Monero binary
On Windows or Mac, go to [getmonero.org](https://getmonero.org/downloads/) and download the correct file for your operating system. Save the file to your home directory. **Do not extract the files yet.**
On Linux, you can download the command line tools by issuing the following command:
```
wget -O monero-linux-x64-v0.12.0.0.tar.bz2 https://downloads.getmonero.org/cli/linux64
```
### 4.2. Binary Verification on Linux or Mac
The steps for both Linux and Mac are the same. From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Linux, 64bit` GUI binary. Substitute `monero-gui-linux-x64-v0.12.0.0.tar.bz2` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
shasum -a 256 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
fb0f43387b31202f381c918660d9bc32a3d28a4733d391b1625a0e15737c5388 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).
### 4.3. Binary Verification on Windows
From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Windows, 64bit` GUI binary. Substitute `monero-gui-win-x64-v0.12.0.0.zip` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
certUtil -hashfile monero-gui-win-x64-v0.12.0.0.zip SHA256
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
SHA256 hash of file monero-gui-win-x64-v0.12.0.0.zip:
4b 9f 31 68 6e ca ad 97 cd b1 75 e6 57 4b f3 07 f8 d1 c4 10 42 78 25 f4 30 4c 21 da 8a ac 18 64
CertUtil: -hashfile command completed successfully.
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).
......@@ -21,7 +21,7 @@ global:
privacy: Privacy
copyright: Copyright
untranslated: Esta pagina is not yet translated. If you would like to help translate it, please see the
titles:
index: Inicio
whatismonero: ¿Qué es Monero (XMR)?
......@@ -54,7 +54,7 @@ titles:
ffs-ot: Open Tasks
ffs-wip: Work in Progress
blogbytag: Blog by Tag
index:
page_title: "Monero - secure, private, untraceable"
......@@ -105,7 +105,7 @@ hangouts:
merchants:
translated: "no"
intro1: Merchants of all kinds have come to value the financial privacy that Monero brings. Below is a list of the merchants that we know of that currently accept Monero for their goods and services. If a company no longer accepts Monero or you would like your business to be listed, please
intro1: Merchants of all kinds have come to value the financial privacy that Monero brings. Below is a list of the merchants that we know of that currently accept Monero for their goods and services. If a company no longer accepts Monero or you would like your business to be listed, please
intro2: open a GitHub issue and let us know.
disclaimer: |
"Please note: these links are being provided as a convenience and for informational purposes only; they do not constitute an endorsement by the Monero community of any products, services or opinions of the corporations or organizations or individuals listed. The Monero community bears no responsibility for the accuracy, legality, or content of these external sites. Contact the external site for answers to questions regarding its content. As always, caveat emptor ('buyer beware'); you are responsible for doing your own research. Always use judgement when making online purchases."
......@@ -138,7 +138,7 @@ downloads:
note2: y debe tratarse como canónico, con la firma marcada con la clave GPG apropiada en el código fuente (en /utils/gpg_keys).
currentversion: Versión actual
sourcecode: Código fuente
blockchain1: Si prefieres usar un blockchain bootstrap, en lugar de sincronizar desde cero, puedes
blockchain1: Si prefieres usar un blockchain bootstrap, en lugar de sincronizar desde cero, puedes
blockchain2: usar este enlace para el programa de arranque más reciente.
blockchain3: Sin embargo, normalmente es mucho más rápido sincronizar desde cero y también requiere menos RAM (la importación es muy exigente).
hardware1: La comunidad Monero acaba de financiar una
......@@ -159,7 +159,7 @@ monero-project:
press-kit:
translated: "no"
intro1: Here you'll find the Monero symbol and logo below. You can choose any size that you want, or download the .ai file to mess with the logo yourself.
intro1: Here you'll find the Monero symbol and logo below. You can choose any size that you want, or download the .ai file to mess with the logo yourself.
intro2: Note that the white background options have a white background under the Monero symbol ONLY, not as a background to the whole image.
intro3: Lastly, you can download everything on this page in one zip file by clicking
intro4: here.
......@@ -352,8 +352,8 @@ about:
privacy_para: Monero takes privacy seriously. Monero needs to be able to protect users in a court of law and, in extreme cases, from the death penalty. This level of privacy must be completely accessible to all users, whether they are technologically competent or have no idea how Monero works. A user needs to confidently trust Monero in a way that this person does not feel pressured into changing their spending habits for risk of others finding out.
decentralization: Decentralization
decentralization_para: Monero is committed to providing the maximum amount of decentralization. With Monero, you do not have to trust anyone else on the network, and it is not run by any large group. An accessible “Proof of Work” algorithm makes it easy to mine Monero on normal computers, which makes it more difficult for someone to purchase a large amount of mining power. Nodes connect to each other with I2P to lower the risks of revealing sensitive transaction information and censorship (tba). Development decisions are extremely clear and open to public discussion. Developer meeting logs are published online in their entirety and visible by all.
developer-guides:
translated: "yes"
outdated: "Please note: the guides below are currently out of date, but are considered a good starting point for most calls."
......@@ -373,6 +373,7 @@ user-guides:
import-blockchain: Importing the Monero blockchain
monero-tools: Monero Tools
purchasing-storing: Securely purchasing and storing Monero
verify-allos: Verify binaries on Linux, Mac, or Windows command line (advanced)
verify-windows: Verify binaries on Windows (beginner)
mine-on-pool: How to mine on a pool with xmr-stak-cpu
solo-mine: How to solo mine with the GUI
......@@ -427,7 +428,7 @@ blog:
author: Posted by
date: Posted at
forum: Click here to join the discussion for this entry on the Monero Forum
tags:
all: Articles by Tag
notags: There are no posts for this tag.
{% include untranslated.html %}
# Binary Verification: Linux, Mac, or Windows Using CLI Tools (Advanced)
Verification of the Monero binary files should be done prior to extracting, installing, or using the Monero software. This is the only way to ensure that you are using the official Monero software. If you receive a fake Monero binary (eg. phishing, MITM, etc.), following this guide will protect you from being tricked into using it.
To protect the integrity of the binaries the Monero team provides a cryptographically signed list of all the [SHA256](https://en.wikipedia.org/wiki/SHA-2) hashes. If your downloaded binary has been tampered with it will be produce a [different hash](https://en.wikipedia.org/wiki/File_verification) than the one in the file.
This is an advanced guide for Linux, Mac, or Windows operating systems and will make use of the command line. It will walk you through the process of installing the required software, importing the signing key, downloading the necessary files, and finally verifying that your binary is authentic.
## Table of Contents:
### [1. Install GnuPG](#1-installing-gnupg)
### [2. Verify & Import Signing Key](#2-verify-and-import-signing-key)
+ [2.1. Get Signing Key](#21-get-signing-key)
+ [2.2. Verify Signing key](#22-verify-signing-key)
+ [2.3. Import Signing key](#23-import-signing-key)
### [3. Download & Verify Hash File](#3-download-and-verify-hash-file)
+ [3.1. Get Hash File](#31-get-hash-file)
+ [3.2. Verify Hash File](#32-verify-hash-file)
### [4. Download & Verify Binary](#4-download-and-verify-binary)
+ [4.1. Get Monero Binary](#41-get-monero-binary)
+ [4.2. Binary Verification on Linux or Mac](#42-binary-verification-on-linux-or-mac)
+ [4.3. Binary Verification on Windows](#43-binary-verification-on-windows)
## 1. Installing GnuPG
+ On Windows, go to the [Gpg4win download page](https://gpg4win.org/download.html) and follow the instructions for installation.
+ On Mac, go to the [Gpgtools download page](https://gpgtools.org/) and follow the instructions for installation.
+ On Linux, GnuPG is installed by default.
## 2. Verify and Import Signing Key
This section will cover getting the Monero signing key, making sure it is correct, and importing the key to GnuPG.
### 2.1. Get Signing Key
On Windows or Mac, go to [Fluffypony's GPG key](https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc), which he uses to sign the Monero binaries, and save the page as `fluffypony.asc` to your home directory.
On Linux, you can download Fluffypony's signing key by issuing the following command:
```
wget -O fluffypony.asc https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc
```
### 2.2. Verify Signing Key
On all operating systems, check the fingerprint of `fluffypony.asc` by issuing the following command in a terminal:
```
gpg --keyid-format long --with-fingerprint fluffypony.asc
```
Verify the fingerprint matches:
```
pub 2048R/7455C5E3C0CDCEB9 2013-04-08 Riccardo Spagni <[email protected]>
Key fingerprint = BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
sub 2048R/55432DF31CCD4FCD 2013-04-08
```
If the fingerprint **DOES** match, then you may proceed.
If the fingerprint **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the file `fluffypony.asc` and go back to [section 2.1](#21-get-signing-key).
### 2.3. Import Signing Key
From a terminal, import the signing key:
```
gpg --import fluffypony.asc
```
If this is the first time you have imported the key, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: 2 signatures not checked due to missing keys
gpg: key 0x7455C5E3C0CDCEB9: public key "Riccardo Spagni <[email protected]>" importe
d
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
```
If you have imported the key previously, the output will look like this:
```
gpg: key 0x7455C5E3C0CDCEB9: "Riccardo Spagni <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
```
## 3. Download and Verify Hash File
This section will cover downloading the hash file and verifying its authenticity.
### 3.1. Get Hash File
On Windows or Mac, go to the [hashes file on getmonero.org](https://getmonero.org/downloads/hashes.txt) and save the page as `hashes.txt` to your home directory.
On Linux, you can download the signed hashes file by issuing the following command:
```
wget -O hashes.txt https://getmonero.org/downloads/hashes.txt
```
### 3.2. Verify Hash File
The hash file is signed with key `94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD`, which is a subkey of key `BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9` (as reflected in the output below).
On all operating systems, verify the signature of the hash file by issuing the following command in a terminal:
```
gpg --verify hashes.txt
```
If the file is authentic, the output will look like this:
```
gpg: Signature made Thu 05 Apr 2018 06:07:35 AM MDT
gpg: using RSA key 94B738DD350132F5ACBEEA1D55432DF31CCD4FCD
gpg: Good signature from "Riccardo Spagni <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
Subkey fingerprint: 94B7 38DD 3501 32F5 ACBE EA1D 5543 2DF3 1CCD 4FCD
```
If your output shows **Good signature**, as in the example, then you may proceed.
If you see **BAD signature** in the output, **DO NOT CONTINUE.** Instead delete the file `hashes.txt` and go back to [section 3.1](#31-get-hash-file).
## 4. Download and Verify Binary
This section will cover downloading the Monero binary for your operating system, getting the `SHA256` hash of your download, and verifying that it is correct.
### 4.1. Get Monero binary
On Windows or Mac, go to [getmonero.org](https://getmonero.org/downloads/) and download the correct file for your operating system. Save the file to your home directory. **Do not extract the files yet.**
On Linux, you can download the command line tools by issuing the following command:
```
wget -O monero-linux-x64-v0.12.0.0.tar.bz2 https://downloads.getmonero.org/cli/linux64
```
### 4.2. Binary Verification on Linux or Mac
The steps for both Linux and Mac are the same. From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Linux, 64bit` GUI binary. Substitute `monero-gui-linux-x64-v0.12.0.0.tar.bz2` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
shasum -a 256 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
fb0f43387b31202f381c918660d9bc32a3d28a4733d391b1625a0e15737c5388 monero-gui-linux-x64-v0.12.0.0.tar.bz2
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).
### 4.3. Binary Verification on Windows
From a terminal, get the `SHA256` hash of your downloaded Monero binary. As an example this guide will use the `Windows, 64bit` GUI binary. Substitute `monero-gui-win-x64-v0.12.0.0.zip` with the name of the binary that you downloaded in [section 4.1](#41-get-monero-binary).
```
certUtil -hashfile monero-gui-win-x64-v0.12.0.0.zip SHA256
```
The output will look like this, but will be different for each binary file. Your `SHA256` hash should match the one listed in the `hashes.txt` file for your binary file.
```
SHA256 hash of file monero-gui-win-x64-v0.12.0.0.zip:
4b 9f 31 68 6e ca ad 97 cd b1 75 e6 57 4b f3 07 f8 d1 c4 10 42 78 25 f4 30 4c 21 da 8a ac 18 64
CertUtil: -hashfile command completed successfully.
```
If your hash **DOES** match, then you are finished with the guide! You can extract the files and install.
If your hash **DOES NOT** match, **DO NOT CONTINUE.** Instead delete the binary you downloaded and go back to [section 4.1](#41-get-monero-binary).
......@@ -22,7 +22,7 @@ global:
copyright: Propriété intellectuelle
edit: Modifier cette page
untranslated: Cette page n'a pas encore été traduite. Si vous voulez aider à la traduire, voyez le
titles:
index: Accueil
whatismonero: Qu'est-ce que Monero ?
......@@ -55,7 +55,7 @@ titles:
ffs-ot: Taches Ouvertes
ffs-wip: Travail en Cours
blogbytag: Blog par Tag
index:
page_title: "Monero - sécurisé, confidentiel, intracable"
......@@ -141,7 +141,7 @@ downloads:
blockchain1: Si vous préférez utiliser une amorce de la chaîne de blocs, plutôt que de synchroniser à partir de zéro, vous pouvez
blockchain2: utiliser ce lien pour obtenir l'amorce la plus récente.
blockchain3: Il est cependant habituellement plus rapide de synchroniser à partir de zéro, et cela consomme également nettement moins de RAM (l'import est particulièrement gourmand).
hardware1: La communauté Monero vient de financer un
hardware1: La communauté Monero vient de financer un
hardware2: Portefeuille Matériel Dédié
hardware3: qui est en cours d'avancement. De même, Ledger travail sur une
hardware4: intégration de Monero dans leurs portefeuilles matériels.
......@@ -297,7 +297,7 @@ using:
generate_para1: Vous devez posséder un portefeuille Monero pour sécurisé vos fonds. Regardez la page
generate_para2: Téléchargements
generate_para3: pour trouver une liste des portefeuilles disponibles.
generate_para4: La façon la plus simple de faire fonctionner un nœud Monero, sans affecter votre bande passante, est de louer un VPS (Virtual Private Server). Nous recommandons fortement d'utiliser
generate_para4: La façon la plus simple de faire fonctionner un nœud Monero, sans affecter votre bande passante, est de louer un VPS (Virtual Private Server). Nous recommandons fortement d'utiliser
generate_para5: avec le code de réduction
generate_para6: afin d'obtenir une réduction supplémentaire sur leur tarif déjà abordable de VPS à 6$ par mois. En utilisant ce code de réduction et/ou
generate_para7: notre lien affilié
......@@ -352,8 +352,8 @@ about:
privacy_para: Monero prend la confidentialité très au sérieux. Monero doit pouvoir protéger ses utilisateurs devant une cours de justice, ou dans les cas les plus extrêmes, de la peine de mort. Ce niveau de confidentialité doit être accessible à tous les utilisateurs, qu'ils disposent ou non de compétences techniques et aient ou non la moindre idée du fonctionnement interne de Monero. Un utilisateur doit pouvoir être en totale confiance avec Monero de sorte qu'il ne puisse se sentir contraint à modifier ses habitudes de paiement de peur que d'autres ne s'en rendent compte.
decentralization: Décentralisation
decentralization_para: Monero s'engage à fournir le maximum de décentralisation possible. Avec Monero, vous n'avez besoin de faire confiance à personne sur le réseau, et il n'est géré par aucun grand groupe. Un algorithme de « Preuve de Travail » (Proof of Work) accessible facilite l'extraction minière de Monero sur des ordinateurs normaux, ce qui rend plus difficile l'achat d'une grande quantité de puissance minière. Les nœuds se connectent les uns aux autres grâce à I2P pour réduire les risques de révélation des informations sensibles sur les transactions et de censure (disponible bientôt). Les décisions de développement sont extrêmement claires et ouvertes à discussion publique. Les compte-rendus des réunions des développeurs sont intégralement publiés en ligne et disponibles publiquement.
developer-guides:
translated: "yes"
outdated: Attention, les guides ci-dessous sont actuellement obsolètes, mais sont considérés comme de bons points de départ pour la plupart des appels de procédures distantes.
......@@ -373,6 +373,7 @@ user-guides:
import-blockchain: Importer la chaîne de blocs Monero
monero-tools: Outils Monero
purchasing-storing: Acheter et Conserver Monero en toute sécurité
verify-allos: Vérifier des binaires sur Linux, Mac ou Windows en ligne de commande (avancé)
verify-windows: Vérifier des binaires sur Windows (Débutant)
mine-on-pool: Comment miner sur un pool avec xmr-stak-cpu
solo-mine: Comment miner en solo avec la GUI
......@@ -398,8 +399,8 @@ research-lab:
translated: "yes"
intro: Monero ne s'engage pas seulement à créer une monnaie fongible, mais également à continuer la recherche dans le domaine de la confidentialité financière qu'impliquent les cryptomonnaies. Vous trouverez ci-dessous le résultat du travail de notre Laboratoire de Recherche Monero, d'autres rapports s'y ajouterons.
mrl_papers: Rapports du Laboratoire de Recherche Monero
abstract: Résumé
introduction: Introduction
abstract: Résumé
introduction: Introduction
read-paper: Lire le rapport complet (en Anglais)
mrl1: Rapport des réaction de la chaine à la traçabilité dans CryptoNote 2.0
mrl1_abstract: Ce bulletin de recherche décrit une attaque plausible sur un système anonyme basé sur les signatures de cercle. Nous nous appuyons sur le protocol de cryptomonnaie CryptoNote 2.0 apparemment publié par Nicolas van Saberhagen en 2012. Il a déjà été démontré que l'intraçabilité obscurcissant une pair de clefs à usage unique peut être dépendant de l'intraçabilité de toutes les clefs utilisées dans la composition de cette signature de cercle. Cela rend possible des réactions en chaine de la traçabilité entre les signatures de cercle, pouvant causer une réduction drastique de l'intraçabilité de l'ensemble du réseau si les paramètres sont piètrement choisis et si un attaquant possède un pourcentage suffisant du réseau. Les signatures sont cependant toujours à usage unique, et une telle attaque ne permettrait pas nécessairement de violer l'anonymat des utilisateurs. Cependant, une telle attaque pourrait potentiellement réduire la résistance dont fait preuve CryptoNote contre l'analyse de la chaîne de blocs. Ce bulletin de recherche n'a pas fait l'objet d'un examen par des tiers, et ne reflète que les résultats d'investigations internes.
......@@ -427,7 +428,7 @@ blog:
author: Publiés par
date: Publiés à
forum: Cliquer ici pour participer à la discussion de cet entrée sur le Forum Monero
tags:
all: Articles par Tag
notags: Il n'y a aucun post pour ce tag.
{% include untranslated.html %}
# Binary Verification: Linux, Mac, or Windows Using CLI Tools (Advanced)
Verification of the Monero binary files should be done prior to extracting, installing, or using the Monero software. This is the only way to ensure that you are using the official Monero software. If you receive a fake Monero binary (eg. phishing, MITM, etc.), following this guide will protect you from being tricked into using it.
To protect the integrity of the binaries the Monero team provides a cryptographically signed list of all the [SHA256](https://en.wikipedia.org/wiki/SHA-2) hashes. If your downloaded binary has been tampered with it will be produce a [different hash](https://en.wikipedia.org/wiki/File_verification) than the one in the file.
This is an advanced guide for Linux, Mac, or Windows operating systems and will make use of the command line. It will walk you through the process of installing the required software, importing the signing key, downloading the necessary files, and finally verifying that your binary is authentic.
## Table of Contents:
### [1. Install GnuPG](#1-installing-gnupg)
### [2. Verify & Import Signing Key](#2-verify-and-import-signing-key)
+ [2.1. Get Signing Key](#21-get-signing-key)
+ [2.2. Verify Signing key](#22-verify-signing-key)
+ [2.3. Import Signing key](#23-import-signing-key)
### [3. Download & Verify Hash File](#3-download-and-verify-hash-file)
+ [3.1. Get Hash File](#31-get-hash-file)
+ [3.2. Verify Hash File](#32-verify-hash-file)
### [4. Download & Verify Binary](#4-download-and-verify-binary)
+ [4.1. Get Monero Binary](#41-get-monero-binary)
+ [4.2. Binary Verification on Linux or Mac](#42-binary-verification-on-linux-or-mac)
+ [4.3. Binary Verification on Windows](#43-binary-verification-on-windows)
## 1. Installing GnuPG
+ On Windows, go to the [Gpg4win download page](https://gpg4win.org/download.html) and follow the instructions for installation.
+ On Mac, go to the [Gpgtools download page](https://gpgtools.org/) and follow the instructions for installation.
+ On Linux, GnuPG is installed by default.
## 2. Verify and Import Signing Key
This section will cover getting the Monero signing key, making sure it is correct, and importing the key to GnuPG.