Verification instructions

To find instructions on how to verify the integrity of the file you have downloaded, navigate to the respective section that outlines the steps needed for that specific file.

Concordium Desktop Wallet

Linux

AppImage

Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

$sha256sum concordium-desktop-wallet-1.3.1.AppImage
b67b15f51ba02bae25b1381906b9bc888d245013bf2bee84939a575e4b0c004b

Verify download with signature

To verify that the downloaded file is an official Concordium release, you can verify that the file is signed by Concordium. To do this, you need a signature of the release and a public key.

With the signature, the public key, and the downloaded file all in the same directory, execute the following steps to verify that the file has been signed by Concordium.

In a terminal:

  1. Navigate to the directory containing the assets needed to verify.

  2. Then paste the first line of the following block into the terminal

  3. The command outputs Signature Verified Successfully as a result, as inidicated by the second line in the block.

$openssl pkeyutl -verify -pubin -inkey concordium-desktop-wallet-pubkey.pem -rawin -in concordium-desktop-wallet-1.3.1.AppImage -sigfile concordium-desktop-wallet-1.3.1.AppImage.sig
Signature Verified Successfully

Note that this only works for openssl version 3.0.0 and up.

Debain package

Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

$sha256sum concordium-desktop-wallet-1.3.1.deb
f561780366662c26ad2518920aedade352d39e5a44e3fe3ea5e6bd86e6407b1b

Verify download with signature

To verify that the downloaded file is an official Concordium release, you can verify that the file is signed by Concordium. To do this, you need a signature of the release and a public key.

With the signature, the public key, and the downloaded file all in the same directory, execute the following steps to verify that the file has been signed by Concordium.

In a terminal:

  1. Navigate to the directory containing the assets needed to verify.

  2. Then paste the first line of the following block into the terminal

  3. The command outputs Signature Verified Successfully as a result, as inidicated by the second line in the block.

$openssl pkeyutl -verify -pubin -inkey concordium-desktop-wallet-pubkey.pem -rawin -in concordium-desktop-wallet-1.3.1.deb -sigfile concordium-desktop-wallet-1.3.1.deb.sig
Signature Verified Successfully

Note that this only works for openssl version 3.0.0 and up.

RPM

Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

$sha256sum concordium-desktop-wallet-1.3.1.rpm
c476bee4e213fb629ebbab53fa80bc211fea9adea77711f337e663bea0573717

Verify download with signature

To verify that the downloaded file is an official Concordium release, you can verify that the file is signed by Concordium. To do this, you need a signature of the release and a public key.

With the signature, the public key, and the downloaded file all in the same directory, execute the following steps to verify that the file has been signed by Concordium.

In a terminal:

  1. Navigate to the directory containing the assets needed to verify.

  2. Then paste the first line of the following block into the terminal

  3. The command outputs Signature Verified Successfully as a result, as inidicated by the second line in the block.

$openssl pkeyutl -verify -pubin -inkey concordium-desktop-wallet-pubkey.pem -rawin -in concordium-desktop-wallet-1.3.1.rpm -sigfile concordium-desktop-wallet-1.3.1.rpm.sig
Signature Verified Successfully

Note that this only works for openssl version 3.0.0 and up.

Automatic updates

When the desktop wallet updates itself, it performs the necessary steps to verify both the checksum and signature of the downloaded update. If verification is unsuccessful, the update is rejected.

Concordium Client

Linux

Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

$sha256sum concordium-client_3.0.4-0
6ea2674ebae5dafd9de3c730db536fc0675627b6b867f05a944a1a60dd5ceca8

Node Debian package

Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

$sha256sum concordium-mainnet-node_3.0.1_amd64.deb
19e3b27fcac5f5a8012ffff0ec13a4c80350e1d99afb4022bcd49929527667a7

Mainnet genesis block

Verify checksum of download

In a terminal:

  1. Navigate to the download.

  2. Then paste the first line of the following block into the terminal.

  3. Verify that the output matches the second line in the block.

Windows

$Get-FileHash genesis.dat -Algorithm SHA256
5fe6a62824d5b0dba6143243e90987ddf3e15cca079f21992de04d078d9ea6dc

MacOS

$shasum -a 256 genesis.dat
5fe6a62824d5b0dba6143243e90987ddf3e15cca079f21992de04d078d9ea6dc

Linux

$sha256sum genesis.dat
5fe6a62824d5b0dba6143243e90987ddf3e15cca079f21992de04d078d9ea6dc

Support & Feedback

If you have questions or feedback, join us on Discourse, or contact us at support@concordium.software.