Download - Bitcoin

Latest version: 28.0 rss

Check your bandwidth and space

Bitcoin Core requires a one-time download of about 600GB of data plus a further 5-10GB per month. By default, you will need to store all of that data, but if you enable pruning, you can store as little as 10GB total without sacrificing any security. For more information about setting up Bitcoin Core, please read the full node guide.

Verify your download

Download verification is optional but highly recommended. Performing the verification steps here ensures that you have not downloaded an unexpected or tampered version of Bitcoin, which may result in loss of funds.

Click one of the lines below to view verification instructions for that platform.

Windows verification instructions
  1. Click the link in the list above to download the release for your platform and wait for the file to finish downloading.

  2. Download the list of cryptographic checksums: SHA256SUMS

  3. Download the signatures attesting to validity of the checksums: SHA256SUMS.asc

  4. Open a terminal (command line prompt) and Change Directory (cd) to the folder you use for downloads. For example:

    cd %UserProfile%\Downloads
    
  5. Run the following command to generate a checksum of the release file you downloaded. Replace 'bitcoin-28.0-win64-setup.exe' with the name of the file you actually downloaded.

    certUtil -hashfile bitcoin-28.0-win64-setup.exe SHA256
  6. Ensure that the checksum produced by the command above matches one of the checksums listed in the checksums file you downloaded earlier. We recommend that you check every character of the two checksums to ensure they match. You can see the checksums you downloaded by running the following command:

    type SHA256SUMS
  7. If you haven't previously installed GNU Privacy Guard (GPG) on your system, install it now or see other installation options.

  8. Bitcoin releases are signed by a number of individuals, each with a unique public key. In order to recognize the validity of signatures, you must use GPG to load these public keys locally. You can find many developer keys listed in the bitcoin-core/guix.sigs repository, which you can then load into your GPG key database.

    For example, you could load the key builder-keys/fanquake.gpg by downloading the file as fanquake.gpg and using this command:

    C:\Program Files (x86)\GnuPG\bin\gpg.exe --import fanquake.gpg

    The output of the command above should say that one key was imported, updated, has new signatures, or remained unchanged.

  9. It is recommended that you choose a few individuals from this list who you find trustworthy and import their keys as above. You will later use their keys to check the signature attesting to the validity of the checksums you use to check the binaries. You can import all keys at once by cloning the repo and importing the directory:

  10. Verify that the checksums file is PGP signed by a sufficient amount of keys you trust and have imported into your keychain:
    C:\Program Files (x86)\GnuPG\bin\gpg.exe --verify SHA256SUMS.asc
  11. The command above will output a series of signature checks for each of the public keys that signed the checksums. Each valid signature will show the following text:

    1. A line that starts with: gpg: Good signature

    2. A complete line saying: Primary key fingerprint: E777 299F C265 DD04 7930  70EB 944D 35F9 AC3D B76A

    The output from the verify command may contain warnings that a public key is not available. As long as you have all the public keys of signers you trust, this warning can be disregarded. There may be additional warnings that a "key is not certified with a trusted signature." This means that to fully verify your download, you need to confirm that the signing key's fingerprint (e.g. E777 299F.. .) listed in the second line above matches what you had expected for the signers public key.

MacOS verification instructions
  1. Click the link in the list above to download the release for your platform and wait for the file to finish downloading.

  2. Download the list of cryptographic checksums: SHA256SUMS

  3. Download the signatures attesting to validity of the checksums: SHA256SUMS.asc

  4. Open a terminal (command line prompt) and Change Directory (cd) to the folder you use for downloads. For example:

    cd Downloads/
  5. Verify that the checksum of the release file is listed in the checksums file using the following command:

    shasum -a 256 --ignore-missing --check SHA256SUMS

    In the output produced by the above command ensure the output lists "OK" after the name of the release file you downloaded. For example: bitcoin-28.0-x86_64-apple-darwin.zip: OK

  6. If you haven't previously installed GNU Privacy Guard (GPG) on your system, install it now or see other installation options.

  7. Bitcoin releases are signed by a number of individuals, each with a unique public key. In order to recognize the validity of signatures, you must use GPG to load these public keys locally. You can find many developer keys listed in the bitcoin-core/guix.sigs repository, which you can then load into your GPG key database.

    For example, you could load the key builder-keys/fanquake.gpg by downloading the file as fanquake.gpg and using this command:

    gpg --import fanquake.gpg

    The output of the command above should say that one key was imported, updated, has new signatures, or remained unchanged.

  8. It is recommended that you choose a few individuals from this list who you find trustworthy and import their keys as above. You will later use their keys to check the signature attesting to the validity of the checksums you use to check the binaries. You can import all keys at once by cloning the repo and importing the directory:
    git clone https://github.com/bitcoin-core/guix.sigs
    gpg --import guix.sigs/builder-keys/*
  9. Verify that the checksums file is PGP signed by a sufficient amount of keys you trust and have imported into your keychain:
    gpg --verify SHA256SUMS.asc
  10. The command above will output a series of signature checks for each of the public keys that signed the checksums. Each valid signature will show the following text:

    1. A line that starts with: gpg: Good signature

    2. A complete line saying: Primary key fingerprint: E777 299F C265 DD04 7930  70EB 944D 35F9 AC3D B76A

    The output from the verify command may contain warnings that a public key is not available. As long as you have all the public keys of signers you trust, this warning can be disregarded. There may be additional warnings that a "key is not certified with a trusted signature." This means that to fully verify your download, you need to confirm that the signing key's fingerprint (e.g. E777 299F.. .) listed in the second line above matches what you had expected for the signers public key. See the GNU handbook section on key management for more details.

Linux verification instructions
  1. Click the link in the list above to download the release for your platform and wait for the file to finish downloading.

  2. Download the list of cryptographic checksums: SHA256SUMS

  3. Download the signatures attesting to validity of the checksums: SHA256SUMS.asc

  4. Open a terminal (command line prompt) and Change Directory (cd) to the folder you use for downloads. For example:

    cd Downloads/
  5. Verify that the checksum of the release file is listed in the checksums file using the following command:

    sha256sum --ignore-missing --check SHA256SUMS

    In the output produced by the above command ensure the output lists "OK" after the name of the release file you downloaded. For example: bitcoin-28.0-x86_64-linux-gnu.tar.gz: OK

  6. Bitcoin releases are signed by a number of individuals, each with a unique public key. In order to recognize the validity of signatures, you must use GPG to load these public keys locally. You can find many developer keys listed in the bitcoin-core/guix.sigs repository, which you can then load into your GPG key database.

    For example, you could load the key builder-keys/fanquake.gpg by downloading the file as fanquake.gpg and using this command:

    gpg --import fanquake.gpg

    The output of the command above should say that one key was imported, updated, has new signatures, or remained unchanged.

  7. It is recommended that you choose a few individuals from this list who you find trustworthy and import their keys as above. You will later use their keys to check the signature attesting to the validity of the checksums you use to check the binaries. You can import all keys at once by cloning the repo and importing the directory:
    git clone https://github.com/bitcoin-core/guix.sigs
    gpg --import guix.sigs/builder-keys/*
  8. Verify that the checksums file is PGP signed by a sufficient amount of keys you trust and have imported into your keychain:
    gpg --verify SHA256SUMS.asc
  9. The command above will output a series of signature checks for each of the public keys that signed the checksums. Each valid signature will show the following text:

    1. A line that starts with: gpg: Good signature

    2. A complete line saying: Primary key fingerprint: E777 299F C265 DD04 7930  70EB 944D 35F9 AC3D B76A

    The output from the verify command may contain warnings that a public key is not available. As long as you have all the public keys of signers you trust, this warning can be disregarded. There may be additional warnings that a "key is not certified with a trusted signature." This means that to fully verify your download, you need to confirm that the signing key's fingerprint (e.g. E777 299F.. .) listed in the second line above matches what you had expected for the signers public key. See the GNU handbook section on key management for more details.

Snap package verification instructions

While the Snap packages use the deterministically generated executables, the Snap tool itself does not provide a streamlined way to reveal the contents of a Snap package. Thus, the Bitcoin Core project does not have the information necessary to help you verify the Bitcoin Core Snap packages.

Additional verification with reproducible builds

Experienced users who don't mind performing additional steps can take advantage of Bitcoin Core's reproducible builds and the signed checksums generated by contributors who perform those builds.

  • Reproducible builds allow anyone with a copy of Bitcoin Core's MIT-licensed source code to build identical binaries to those distributed on this website (meaning the binaries will have the same cryptographic checksums as those provided by this website).

  • Verified reproduction is the result of multiple Bitcoin Core contributors each independently reproducing identical binaries as described above. These contributors cryptographically sign and publish the checksums of the binaries they generate.

The preceding verification instructions will verify that several contributors you trust all signed the same checksums distributed in the release checksums file. Additionally, reproducing a binary for yourself will provide you with the highest level of assurance currently available. For more information, visit the project's repository of trusted build process signatures.


Bitcoin Core is a community-driven free software project, released under the open source MIT license.