How to verify the hash of a downloaded wallet installer : Veil

Scammers and thieves are constantly stealing people's money.
Often this involves fake wallet software, so it is necessary for all of us to verify the authenticity of the software even when downloading from the official website!

All official Veil wallet downloads come from https://github.com/Veil-Project/veil/releases
There is no other source for the genuine Veil wallet. If or when a third party wallet is available, such as a light wallet or a multi-currency wallet it will be mentioned on Veil's official website https://veil-project.com/

Hackers sometimes inject a fake wallet into a legitimate website, as happened with one of our competitors recently for about half an hour! This was discovered by someone who checked the "hash" of the downloaded file and realised that it was incorrect.

This document does not deal with PGP keys or signatures, but you can find the keys of developers who have made commits here: https://github.com/Veil-Project/veil/blob/master/contrib/gitian-keys/keys.txt

Verify a wallet installer downloaded from the official downloads page on Github

In the "Assets" for the latest released version download the first file: SHASUM256

It will only be a couple of kilobytes in size (eg. 1.91 KB)

This is a text file so it may be most convenient if you add the file extension .txt to the end of it so you can simply open it in your text editor. If you are going to download the wallet for only one specific operating system, such as veil-1.0.4-osx-unsigned.dmg you can delete all the other lines, leaving only that version with the expected hash to its left, for example: 126d0320ab00092d001ae3e565551b9b9a0685dd7722c174ce45ceb9cefe9ec9

This one is correct for the MacOS Veil 1.0.4.7 installer, but will of course be different for every newer release.

Next download the desired wallet installer such as veil-1.0.4-osx-unsigned.dmg

Verify the hash in MacOS Terminal

Change directory to your Downloads folder (if that is where you saved it):

cd ~/Downloads

You might be well-advised to clean out your downloads folder first, or to create a Veil folder in it and download to that. Check that your files are there with

ls

It will list all the files in that folder.

Use `shasum` to display the actual hash:

shasum -a 256 veil-1.0.4-osx-unsigned.dmg

"-a 256" specifies to use SHA256, matching the method used by the Veil developers to create the hashes in the list. The output shows the same hash and the file name, just as found in the SHASUM256.txt file you downloaded.

126d0320ab00092d001ae3e565551b9b9a0685dd7722c174ce45ceb9cefe9ec9  veil-1.0.4-osx-unsigned.dmg

You may now have confidence to install the Veil wallet from that downloaded file.

Verify the hash in Linux (for example Ubuntu 18.04)

While Ubuntu has a perfectly fine graphical interface, it is much more concise and consistent to give instructions using the text interface in Terminal.

Prepare the folder you want to download the SHASUM file and wallet installer into:

cd ~                            # (this is your /home/username folder)
mkdir Temp                # (if it does not already exist)
cd Temp                     # (or directly cd ~/Temp)

Find the download URLs so you can download the files in the Terminal by using Firefox or your preferred web browser to go to https://github.com/Veil-Project/veil/releases

Right-click the specific download and copy the URLs like:
https://github.com/Veil-Project/veil/releases/download/v1.0.4.7/SHASUM256 and
https://github.com/Veil-Project/veil/releases/download/v1.0.4.7/veil-1.0.4-x86_64-linux-gnu.tar.gz
(Be sure that you are downloading the latest released version, at the time of writing, 1.0.4.7.)

Any mention below of 1.0.4.7 should, of course, be replaced with the latest version

Download the SHASUM file:

wget -O SHASUM256.txt https://github.com/Veil-Project/veil/releases/download/v1.0.4.7/SHASUM256

Edit the SHASUM file to remove distractions for when you compare hashes later.

nano SHASUM256.txt

and delete all the lines that do not belong to the file we are downloading.

Use Ctrl+k (^K) to cut the unnecessary lines. Use Ctrl+u (^U) to uncut any lines accidentally cut.
Save the file with Ctrl+O (^O)[Enter] and Ctrl+X (^X) to exit

Download the Linux version of the Veil wallet installer:

wget -O veil-1.0.4.7.tar.gz https://github.com/Veil-Project/veil/releases/download/v1.0.4.7/veil-1.0.4-x86_64-linux-gnu.tar.gz

Get the SHA256 hash of the file:

shasum -a 256 veil-1.0.4.7.tar.gz

Compare the resulting hash with the contents of the SHASUM file:

cat SHASUM256.txt

You should see identical hashes shown.

If okay, proceed to extract the contents by:

tar -xf veil-1.0.4.7.tar.gz

The wallet program's binary files will be in the folder "bin" underneath the veil-1.0.4 folder. (Note that the extracted folder does not have the final digit in the version number.)

Verify the hash in Windows

As above, download the latest released Veil wallet (for example: https://github.com/Veil-Project/veil/releases/download/v1.0.4.7/veil-1.0.4-win64-setup-unsigned.exe) and the SHASUM file (as SHASUM.txt for this example). In a Command Prompt (change directory to the appropriate folder and) use:

certUtil -hashfile  veil-1.0.4-win64-setup-unsigned.exe SHA256

open up the SHASUM.txt file and compare the resulting hash from the certUtil command.

How to verify the hash of a downloaded wallet installer Print