# Gavin Andresen # 2012-03-06 16:02:40 # https://bitcointalk.org/index.php?topic=67515.msg786442#msg786442

That is always a risk, which is why next to the downloads there is a gpg-signed SHASUMS.asc file.

To check the integrity of the download you should:

+ Check the signature on the SHASUMS.asc file:
  Code:
    $ gpg --verify SHASUMS.asc
    gpg: Signature made Wed Feb 29 20:51:40 2012 EST using RSA key ID 1FC730C1
    gpg: Good signature from "Gavin Andresen (CODE SIGNING KEY) <gavinandresen@gmail.com>"

+ Make sure the checksum for the downloaded file matches the checksum in the SHASUMS.asc file:
  Code:
    $ shasum bitcoin-0.6.0rc2-macosx.dmg
    7ab035250ad32a95adf12f2bf8751df9adae0ad4 bitcoin-0.6.0rc2-macosx.dmg
    $ grep macosx SHASUMS.asc
    7ab035250ad32a95adf12f2bf8751df9adae0ad4 bitcoin-0.6.0rc2-macosx.dmg