Excerpt
I guide you through the process of verifying both mobile and desktop Bitcoin wallet software to ensure you’re using the correct product. Watch now to safeguard your bitcoin and stay secure!
Transcript
If you’re using a mobile wallet only, for instance, and you download it from the App Store from Apple or from the Play Store, this kind of software is already signed and verified by the operating system, meaning you don’t need to verify software that you’ve downloaded from the App Store. The only thing that you need to take care of is that you find the correct wallet because a lot of vendors take similar names, and then it’s difficult to decide which is now the real one and which is maybe from a vendor that no one knows and no one trusts, and they only use a similar name. So, look out for the name of the wallet and for the correct name of the vendor on the web before you download and use a Bitcoin wallet. So, the verification of software is especially important for Bitcoin wallets which are downloaded from a website, from the vendor website. These wallets can be for hardware wallets, the companion apps for hardware wallets, or simple software wallets like the Sparrow Wallet or the Green Wallet for the desktop or the BlueWallet for the desktop. So, it’s important to verify the signatures, basically that you downloaded the correct software that is signed from the vendor or the developer who was developing that software. Why is this important? Because open-source software can be copied by anyone and can be uploaded to any website, and people could say this is the Sparrow Wallet, and you mistakenly download a fake Sparrow Wallet, which then steals all your funds. And if you had verified that, you would have seen that the signature of the software you downloaded is not the same that Craig Raw, the developer of the software, has publicized. So, how does this work in Sparrow, for instance? Sparrow has a very good documentation and guide about that on the website. So, at sparrowwallet.com/download, you can find the Sparrow Wallet and the explanation that Craig Raw is giving on that website you can use that for other wallets as well, and the best is then to go to the websites of the vendor or the developer and check what they write about how to verify their software. Usually, you have to install GPG or GPG2 on your system, which is a software. Once you’ve installed that program, you need to use the command line tool. As I said before, on the Sparrow Wallet website, Craig Raw is very detailed in explaining how this works. Everyone can do it; you just need to take some time to learn how it works and follow the steps that are on the website to verify that. In the end, the tool will tell you, yes, this signature is from the developer, and yes, this software is verified. It has the same verification hashes, so basically, it’s identical. In a software wallet and that was the thing I was tweeting about recently. Now, with Sparrow, when you do an update, the verification process is more conveniently integrated. Now, you only, if you already have Sparrow installed and you download the new software, then you take the software on your desktop and just drop it on the screen into the Sparrow Wallet, and then immediately the display shows you if the signature is correct or not. So, one should actually do this with all or every software for Bitcoin that you download on the web. As an example, for the BitBox02, which is a hardware wallet, you can even build their firmware yourself so that no one can manipulate the software package that you get. That’s basically a little bit advanced or too advanced for beginners, I would say. But as soon as you’ve verified the software for the first time, you can download the firmware inside of the app, meaning you can trust it because you already verified the signature for the app itself, and then you should be good with the firmware.
