Download – Bitcoin

Check your bandwidth and space

Bitcoin Core requires a one-time download of about 500GB of data plus a further 5-10GB per month. By default, you will need to store all of that data, but if you enable pruning, you can store as little as 6GB total without sacrificing any security.
For more information about setting up Bitcoin Core, please read the full node guide.

Verify your download

Download verification is optional but highly recommended. Performing the verification steps here ensures that you have not downloaded an unexpected or tampered version of Bitcoin, which may result in loss of funds.

Click one of the lines below to view verification instructions for that platform.

Windows verification instructions

1. Click the link in the list above to download the release for your platform and wait for the file to finish downloading.

2. Download the list of cryptographic checksums: SHA256SUMS

3. Download the signatures attesting to validity of the checksums: SHA256SUMS.asc

4. Open a terminal (command line prompt) and Change Directory (cd) to the folder you use for downloads. For example:

   cd %UserProfile%\Downloads
   

5. Run the following command to generate a checksum of the release file you downloaded. Replace ‘bitcoin-24.0.1-win64-setup.exe’ with the name of the file you actually downloaded.

   certUtil -hashfile bitcoin-24.0.1-win64-setup.exe SHA256

6. Ensure that the checksum produced by the command above matches one of the checksums listed in the checksums file you downloaded earlier. We recommend that you check every character of the two checksums to ensure they match. You can see the checksums you downloaded by running the following command:

   type SHA256SUMS

7. If you haven’t previously installed GNU Privacy Guard (GPG) on your system, install it now
   or see other installation
   options.

8. Bitcoin releases are signed by a number of individuals, each with a unique public key. In order to recognize the validity of signatures, you must use GPG to load these public keys locally. You can find many developer keys listed in the bitcoin/bitcoin repository, which you can then load into your GPG key database.

   For example, given the builder-keys/keys.txt line E777299FC265DD04793070EB944D35F9AC3DB76A Michael Ford (fanquake)you could load that key using this command:

   C:\Program Files (x86)\GnuPG\bin\gpg.exe --keyserver hkps://keys.openpgp.org --recv-keys E777299FC265DD04793070EB944D35F9AC3DB76A

   The output of the command above should say that one key was imported, updated, has new signatures, or remained unchanged.

9. It is recommended that you choose a few individuals from this list who you find trustworthy and import their keys as above, or import all the keys per the instructions in the contrib/builder-key README. You will later use their keys to check the signature attesting to the validity of the checksums you use to check the binaries.

10. Verify that the checksums file is PGP signed by a sufficient amount of keys you trust and have imported into your keychain:

    C:\Program Files (x86)\GnuPG\bin\gpg.exe --verify SHA256SUMS.asc

11. The command above will output a series of signature checks for each of the public keys that signed the checksums. Each signature will show the following text:

    1. A line that starts with: gpg: Good signature

    2. A complete line saying: Primary key fingerprint:
E777 299F C265 DD04 7930  70EB 944D 35F9 AC3D B76A


    The output from the verify command may contain warnings that the “key is not certified with a trusted signature.” This means that to fully verify your download, you need to confirm that the signing key’s fingerprint (e.g.
E777 299F..
.) listed in the second line above matches what you had expected for the signers public key.

MacOS verification instructions

1. Click the link in the list above to download the release for your platform and wait for the file to finish downloading.

2. Download the list of cryptographic checksums: SHA256SUMS

3. Download the signatures attesting to validity of the checksums: SHA256SUMS.asc

4. Open a terminal (command line prompt) and Change Directory (cd) to the folder you use for downloads. For example:

   cd Downloads/

5. Verify that the checksum of the release file is listed in the checksums file using the following command:

   shasum -a 256 --check SHA256SUMS

   In the output produced by the above command, you can safely ignore any warnings and failures, but you must ensure the output lists “OK” after the name of the release file you downloaded. For example: bitcoin-24.0.1-x86_64-apple-darwin.dmg: OK

6. If you haven’t previously installed GNU Privacy Guard (GPG) on your system, install it now
   or see other installation
   options.

7. Bitcoin releases are signed by a number of individuals, each with a unique public key. In order to recognize the validity of signatures, you must use GPG to load these public keys locally. You can find many developer keys listed in the bitcoin/bitcoin repository, which you can then load into your GPG key database.

   For example, given the builder-keys/keys.txt line E777299FC265DD04793070EB944D35F9AC3DB76A Michael Ford (fanquake)you could load that key using this command:

   gpg --keyserver hkps://keys.openpgp.org --recv-keys E777299FC265DD04793070EB944D35F9AC3DB76A

   The output of the command above should say that one key was imported, updated, has new signatures, or remained unchanged.

8. It is recommended that you choose a few individuals from this list who you find trustworthy and import their keys as above, or import all the keys per the instructions in the contrib/builder-key README. You will later use their keys to check the signature attesting to the validity of the checksums you use to check the binaries.

9. Verify that the checksums file is PGP signed by a sufficient amount of keys you trust and have imported into your keychain:

   gpg --verify SHA256SUMS.asc

10. The command above will output a series of signature checks for each of the public keys that signed the checksums. Each signature will show the following text:

    1. A line that starts with: gpg: Good signature

    2. A complete line saying: Primary key fingerprint:
E777 299F C265 DD04 7930  70EB 944D 35F9 AC3D B76A


    The output from the verify command may contain warnings that the “key is not certified with a trusted signature.” This means that to fully verify your download, you need to confirm that the signing key’s fingerprint (e.g.
E777 299F..
.) listed in the second line above matches what you had expected for the signers public key.

Linux verification instructions

1. Click the link in the list above to download the release for your platform and wait for the file to finish downloading.

2. Download the list of cryptographic checksums: SHA256SUMS

3. Download the signatures attesting to validity of the checksums: SHA256SUMS.asc

4. Open a terminal (command line prompt) and Change Directory (cd) to the folder you use for downloads. For example:

   cd Downloads/

5. Verify that the checksum of the release file is listed in the checksums file using the following command:

   sha256sum --ignore-missing --check SHA256SUMS

   In the output produced by the above command, you can safely ignore any warnings and failures, but you must ensure the output lists “OK” after the name of the release file you downloaded. For example: bitcoin-24.0.1-x86_64-linux-gnu.tar.gz: OK

6. Bitcoin releases are signed by a number of individuals, each with a unique public key. In order to recognize the validity of signatures, you must use GPG to load these public keys locally. You can find many developer keys listed in the bitcoin/bitcoin repository, which you can then load into your GPG key database.

   For example, given the builder-keys/keys.txt line E777299FC265DD04793070EB944D35F9AC3DB76A Michael Ford (fanquake)you could load that key using this command:

   gpg --keyserver hkps://keys.openpgp.org --recv-keys E777299FC265DD04793070EB944D35F9AC3DB76A

   The output of the command above should say that one key was imported, updated, has new signatures, or remained unchanged.

7. It is recommended that you choose a few individuals from this list who you find trustworthy and import their keys as above, or import all the keys per the instructions in the contrib/builder-key README. You will later use their keys to check the signature attesting to the validity of the checksums you use to check the binaries.

8. Verify that the checksums file is PGP signed by a sufficient amount of keys you trust and have imported into your keychain:

   gpg --verify SHA256SUMS.asc

9. The command above will output a series of signature checks for each of the public keys that signed the checksums. Each signature will show the following text:

   1. A line that starts with: gpg: Good signature

   2. A complete line saying: Primary key fingerprint:
E777 299F C265 DD04 7930  70EB 944D 35F9 AC3D B76A


   The output from the verify command may contain warnings that the “key is not certified with a trusted signature.” This means that to fully verify your download, you need to confirm that the signing key’s fingerprint (e.g.
E777 299F..
.) listed in the second line above matches what you had expected for the signers public key.

Snap package verification instructions

While the Snap packages use the deterministically generated executables, the Snap tool itself does not provide a streamlined way to reveal the contents of a Snap package. Thus, the Bitcoin Core project does not have the information necessary to help you verify the Bitcoin Core Snap packages.

Additional verification with reproducible builds

Experienced users who don’t mind performing additional steps can take advantage of Bitcoin Core’s reproducible builds and the signed checksums generated by contributors who perform those builds.

• Reproducible builds allow anyone with a copy of Bitcoin Core’s MIT-licensed source code to build identical binaries to those distributed on this website (meaning the binaries will have the same cryptographic checksums as those provided by this website).

• Verified reproduction is the result of multiple Bitcoin Core contributors each independently reproducing identical binaries as described above. These contributors cryptographically sign and publish the checksums of the binaries they generate.

Verifying that several contributors you trust all signed the same checksums distributed in the release checksums file will provide you with additional assurances over the preceding basic verification instructions. Alternatively, reproducing a binary for yourself will provide you with the highest level of assurance currently available. For more information, visit the project’s repository of
trusted build process signatures.

Bitcoin Core is a community-driven free software project, released under the open source MIT license.