Excerpt
I guide you through the process of verifying both mobile and desktop Bitcoin wallet software to ensure you’re using the correct product. Watch now to safeguard your bitcoin and stay secure!
Transcript
If you’re using a mobile wallet only, for instance, and you download it from the App Store from Apple or from the Play Store, this kind of software is already signed and verified by the operating system, meaning you don’t need to verify software that you’ve downloaded from the App Store. The only thing that you need to take care of is that you find the correct wallet, because a lot of vendors take similar names. Then it’s difficult to decide which is the real one and which is maybe from a vendor that no one knows and no one trusts, and they only use a similar name.
So, look out for the name of the wallet and for the correct name of the vendor on the web before you download and use a Bitcoin wallet.
Importance of Verifying Wallets Downloaded from the Web
The verification of software is especially important for Bitcoin wallets which are downloaded from a website, from the vendor website. These wallets can be for hardware wallets (the companion apps for hardware wallets), or simple software wallets like Sparrow Wallet, Blockstream Green, or BlueWallet for the desktop.
So, it’s important to verify the signatures—basically that you downloaded the correct software that is signed by the vendor or the developer who was developing that software.
Why Verification Matters
Why is this important? Because open-source software can be copied by anyone and can be uploaded to any website. People could say “this is the Sparrow Wallet,” and you might mistakenly download a fake Sparrow Wallet, which then steals all your funds.
If you had verified it, you would have seen that the signature of the software you downloaded is not the same one that Craig Raw, the developer of Sparrow, has publicized.
How to Verify with Sparrow Wallet
So, how does this work in Sparrow, for instance? Sparrow has very good documentation and a guide about this on the website. Visit sparrowwallet.com/download.
There, Craig Raw provides an explanation that you can also use as a reference for other wallets. The best way is to go to the website of the vendor or developer and check what they write about how to verify their software.
Usually, you have to install GPG or GPG2 on your system, which is verification software. Once you’ve installed that program, you need to use the command line tool. As I said before, on the Sparrow Wallet website, Craig Raw is very detailed in explaining how this works.
Everyone can do it; you just need to take some time to learn how it works and follow the steps on the website to verify that. In the end, the tool will tell you, yes, this signature is from the developer, and yes, this software is verified. It has the same verification hashes—so basically, it’s identical.
Sparrow’s Easier Verification for Updates
In a software wallet—and that was the thing I was tweeting about recently—now with Sparrow, when you do an update, the verification process is more conveniently integrated. If you already have Sparrow installed and you download the new software, then you take the software on your desktop and just drop it on the screen into the Sparrow Wallet, and then immediately the display shows you if the signature is correct or not.
So, one should actually do this with all or every software for Bitcoin that you download on the web.
Example: BitBox02 Firmware Verification
As an example, for the BitBox02, which is a hardware wallet, you can even build their firmware yourself so that no one can manipulate the software package that you get. That’s basically a little bit advanced—or too advanced—for beginners, I would say.
But as soon as you’ve verified the software for the first time, you can download the firmware inside of the app. That means you can trust it, because you already verified the signature for the app itself, and then you should be good with the firmware.
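The two checks the transcript describes for a web download (the signature comes from the developer, and the file has the same hash), written out as an added example that is not from the video or from any vendor's documentation. It assumes the common layout of a SHA-256 manifest with a detached GPG signature, GNU `sha256sum`, and a developer key already imported into GPG; the script name, file arguments and fingerprint are placeholders supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example. File names and the fingerprint are supplied by the caller;
# take the fingerprint from the developer's own website.

# Step 1: the manifest's detached signature must be valid AND made by the
# developer's key. A "good signature" from some other key proves nothing,
# so the fingerprint is compared explicitly.
verify_manifest_signature() {
    local manifest="$1" sig="$2" fpr status
    fpr="$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')"
    [ "${#fpr}" -ge 40 ] || return 1        # refuse short key IDs or empty input
    status="$(gpg --status-fd 1 --verify "$sig" "$manifest" 2>/dev/null)" || return 1
    # VALIDSIG carries the signing key's fingerprint and the primary key's.
    printf '%s\n' "$status" | grep '^\[GNUPG:\] VALIDSIG ' | grep -qF "$fpr"
}

# Step 2: the SHA-256 of the download must equal the entry for that file
# name in the manifest ("hash  filename" or "hash *filename" lines).
check_file_in_manifest() {
    local file="$1" manifest="$2" name expected actual
    name="$(basename "$file")"
    expected="$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$manifest")"
    [ -n "$expected" ] || return 1          # file not listed: fail closed
    actual="$(sha256sum "$file" | awk '{ print $1 }')"
    [ "$actual" = "$expected" ]
}

# Usage: verify.sh <download> <manifest> <manifest-signature> <fingerprint>
if [ "$#" -eq 4 ]; then
    verify_manifest_signature "$2" "$3" "$4" \
        || { echo "FAIL: signature invalid or not from expected key" >&2; exit 1; }
    check_file_in_manifest "$1" "$2" \
        || { echo "FAIL: hash of $1 does not match the manifest" >&2; exit 1; }
    echo "OK: $1 matches a manifest signed by $4"
fi
```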