Safe usage of bitaddress.org

Çağlar Arlı      -    75 Views

I want to use bitaddress.org to create a wallet. Can you please verify my approach?

  1. Change the password of my router and wifi and unplug all devices from the network except my notebook.

  2. Go to https://github.com/pointbiz/bitaddress.org and download the project as a .zip file.

  3. Go to https://www.bitaddress.org and download the project as a .zip file.

  4. Unzip both files and confirm that both resulting folders are identical with meld.

  5. Keep one of the folders and delete the remaining files.

  6. Download pointbiz_bitaddress.org.asc from (at least) three trustworthy sources.

  7. Disconnect my notebook from the internet.

  8. Confirm that all downloaded signatures are equal with meld. Keep one of them.

  9. gpg --import pointbiz_bitaddress.org.asc and confirm the output matches:

    gpg: key 63974F5A: public key "pointbiz pointbiz@bitaddress.org" imported

    gpg: Total number processed: 1

    gpg: imported: 1 (RSA: 1)

  10. gpg --verify bitaddress.org.html.sig. Make sure the output matches the following:

    gpg: Signature made Mon 22 Aug 2016 00:56:51 BST using RSA key ID 63974F5A

    gpg: Good signature from "pointbiz pointbiz@bitaddress.org"

    gpg: aka "ninja ninja@bitaddress.org"

    gpg: WARNING: This key is not certified with a trusted signature!

    gpg: There is no indication that the signature belongs to the owner.

    Primary key fingerprint: 527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A

  11. Use bitaddress.org.html.

I decided to not compute any hash sums as gpg --verify should do this already, right? Is this approach safe to be used?
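
An added example, not part of the original post: steps 9 and 10 can be checked mechanically by reading gpg's machine-readable `--status-fd` output and comparing the full primary-key fingerprint quoted in step 10, since an 8-character key ID such as 63974F5A does not uniquely identify a key. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the full primary-key fingerprint instead of comparing
# gpg's human-readable text by eye. Fingerprint taken from step 10 of the
# post, with the spaces removed.
EXPECTED_FPR=527B5C82B1F6B2DB72A0ECBF87497B9163974F5A

# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line
# names the expected primary key and no failure status is present.
# (check_status and verify_pinned are hypothetical helper names.)
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 12 is the primary-key fingerprint; older gpg versions
            # omit it, in which case field 3 (the signing key) is used.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(want)) ok = 1; else bad = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_pinned SIGFILE DATAFILE: detached-signature check against the pinned key.
verify_pinned() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$EXPECTED_FPR"
}

# Constructed sample status lines (not captured from a real run).
SAMPLE_GOOD='[GNUPG:] VALIDSIG 527B5C82B1F6B2DB72A0ECBF87497B9163974F5A 2016-08-21 1471823811 0 4 0 1 8 00 527B5C82B1F6B2DB72A0ECBF87497B9163974F5A'
# A different key that shares the short ID 63974F5A (constructed fingerprint).
SAMPLE_SAME_SHORT_ID='[GNUPG:] VALIDSIG 0000000000000000000000000000000063974F5A 2016-08-21 1471823811 0 4 0 1 8 00 0000000000000000000000000000000063974F5A'

# Usage: sh verify.sh bitaddress.org.html.sig bitaddress.org.html
if [ "$#" -eq 2 ]; then
    if verify_pinned "$1" "$2"; then
        echo "OK: valid signature from $EXPECTED_FPR"
    else
        echo "FAILED: signature missing, bad, or made by another key" >&2
        exit 1
    fi
fi
```

The script exits non-zero unless gpg reports a valid signature by exactly that key, which also covers the case where the "Good signature" text appears for a key other than the one intended.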