Verification instructions#

To find instructions on how to verify the integrity of the file you have downloaded, navigate to the respective section that outlines the steps needed for that specific file.

Concordium Desktop Wallet#

Linux#

AppImage#

Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

$sha256sum concordium-desktop-wallet-1.8.1.AppImage
31da6e7adde0ab8fd9a16c14bcba0c986cdf3cd2b647e9eed5040d9f40173c6d

Verify download with signature

To verify that the downloaded file is an official Concordium release, you can verify that the file is signed by Concordium. To do this, you need a signature of the release and a public key.

With the signature, the public key, and the downloaded file all in the same directory, execute the following steps to verify that the file has been signed by Concordium.

In a terminal:

  1. Navigate to the directory containing the assets needed to verify.

  2. Then paste the first line of the following block into the terminal

  3. The command outputs Signature Verified Successfully as a result, as inidicated by the second line in the block.

$openssl pkeyutl -verify -pubin -inkey concordium-desktop-wallet-pubkey.pem -rawin -in concordium-desktop-wallet-1.8.1.AppImage -sigfile concordium-desktop-wallet-1.8.1.AppImage.sig
Signature Verified Successfully

Note that this only works for openssl version 3.0.0 and up.

Debian package#

Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

$sha256sum concordium-desktop-wallet-1.8.1.deb
b8f12b17ada943c8997af5d226ceb9854e2a3ad71f14f2300a25c6e01d721408

Verify download with signature

To verify that the downloaded file is an official Concordium release, you can verify that the file is signed by Concordium. To do this, you need a signature of the release and a public key.

With the signature, the public key, and the downloaded file all in the same directory, execute the following steps to verify that the file has been signed by Concordium.

In a terminal:

  1. Navigate to the directory containing the assets needed to verify.

  2. Then paste the first line of the following block into the terminal

  3. The command outputs Signature Verified Successfully as a result, as inidicated by the second line in the block.

$openssl pkeyutl -verify -pubin -inkey concordium-desktop-wallet-pubkey.pem -rawin -in concordium-desktop-wallet-1.8.1.deb -sigfile concordium-desktop-wallet-1.8.1.deb.sig
Signature Verified Successfully

Note that this only works for openssl version 3.0.0 and up.

RPM#

Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

$sha256sum concordium-desktop-wallet-1.8.1.rpm
da5e1e79265923065437a836637f0557f868c89c9f10ead2b6312d5ac1e1049e

Verify download with signature

To verify that the downloaded file is an official Concordium release, you can verify that the file is signed by Concordium. To do this, you need a signature of the release and a public key.

With the signature, the public key, and the downloaded file all in the same directory, execute the following steps to verify that the file has been signed by Concordium.

In a terminal:

  1. Navigate to the directory containing the assets needed to verify.

  2. Then paste the first line of the following block into the terminal

  3. The command outputs Signature Verified Successfully as a result, as inidicated by the second line in the block.

$openssl pkeyutl -verify -pubin -inkey concordium-desktop-wallet-pubkey.pem -rawin -in concordium-desktop-wallet-1.8.1.rpm -sigfile concordium-desktop-wallet-1.8.1.rpm.sig
Signature Verified Successfully

Note that this only works for openssl version 3.0.0 and up.

Automatic updates#

When the desktop wallet updates itself, it performs the necessary steps to verify both the checksum and signature of the downloaded update. If verification is unsuccessful, the update is rejected.

Concordium Client#

Linux#

Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

$sha256sum concordium-client_8.0.0-5
1e2915dfe95e8b93988db2081b79c260051ad8616be6de70bf268ca9b2b90299

Cargo Concordium#

Linux#

Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

$sha256sum cargo-concordium_2.8.0
ea3f603e2a921181cdf323604066444378a955c55e82b206a7d169bf636fa75d

Node Debian package#

Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

$sha256sum concordium-mainnet-node_8.0.3-1_amd64.deb
83216d9985971f3dec3d3e99da3822e01e022558887e2461c0cb315d48bd0460

Mainnet genesis block#

Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

Windows

$Get-FileHash genesis.dat -Algorithm SHA256
5fe6a62824d5b0dba6143243e90987ddf3e15cca079f21992de04d078d9ea6dc

MacOS

$shasum -a 256 genesis.dat
5fe6a62824d5b0dba6143243e90987ddf3e15cca079f21992de04d078d9ea6dc

Linux

$sha256sum genesis.dat
5fe6a62824d5b0dba6143243e90987ddf3e15cca079f21992de04d078d9ea6dc
Was this article helpful?