Safe usage of bitaddress.org
I want to use bitaddress.org to create a wallet. Can you please verify my approach?
Change the password of my router and wifi and unplug all devices from the network except my notebook.
Go to https://github.com/pointbiz/bitaddress.org and download the project as a .zip file.
Go to https://www.bitaddress.org and download the project as a .zip file.
Unzip both files and confirm that both resulting folders are identical with meld. Keep one of the folders and delete the remaining files.
Download pointbiz_bitaddress.org.asc from (at least) three trustworthy sources.
Disconnect my notebook from the internet.
Confirm that all downloaded signatures are equal with meld. Keep one of them.
gpg --import pointbiz_bitaddress.org.asc and confirm the output matches:
gpg: key 63974F5A: public key "pointbiz pointbiz@bitaddress.org" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg --verify bitaddress.org.html.sig
Make sure the output matches the following:
gpg: Signature made Mon 22 Aug 2016 00:56:51 BST using RSA key ID 63974F5A
gpg: Good signature from "pointbiz pointbiz@bitaddress.org"
gpg: aka "ninja ninja@bitaddress.org"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A
Use bitaddress.org.html.
I decided to not compute any hash sums as gpg --verify should do this already, right? Is this approach safe to be used?
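Added example, not part of the original post: a script that accepts a gpg verification only when the full primary key fingerprint quoted in the post matches, rather than comparing the 8-character key ID 63974F5A by eye. It parses gpg's machine-readable `--status-fd` lines; the function names and the sample status lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the post): accept a signature only if gpg reports
# VALIDSIG for the expected full primary-key fingerprint.

EXPECTED_FPR="527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A"  # as quoted in the post

# Normalise a fingerprint: drop spaces, upper-case.
norm_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --status-fd` lines on stdin. Succeed only if a VALIDSIG line names
# the expected primary key and no bad/expired/revoked signature status appears.
check_status() {
    awk -v want="$(norm_fpr "$1")" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            fpr = (NF >= 12) ? $12 : $3   # last field is the primary key fingerprint
            if (toupper(fpr) == want) ok = 1; else bad = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# Hypothetical wrapper: verify_release SIGFILE DATAFILE
verify_release() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$EXPECTED_FPR"
}

# Constructed status lines (not captured gpg output).
SAMPLE_GOOD='[GNUPG:] VALIDSIG 527B5C82B1F6B2DB72A0ECBF87497B9163974F5A 2016-08-21 1471823811 0 4 0 1 8 00 527B5C82B1F6B2DB72A0ECBF87497B9163974F5A'
# Same 8-character key ID, different full fingerprint.
SAMPLE_LOOKALIKE='[GNUPG:] VALIDSIG 0000000000000000000000000000000063974F5A 2016-08-21 1471823811 0 4 0 1 8 00 0000000000000000000000000000000063974F5A'

printf '%s\n' "$SAMPLE_GOOD" | check_status "$EXPECTED_FPR" && echo "sample: fingerprint matches"
printf '%s\n' "$SAMPLE_LOOKALIKE" | check_status "$EXPECTED_FPR" || echo "sample: look-alike key rejected"
```

On the offline notebook, `verify_release bitaddress.org.html.sig bitaddress.org.html` returns 0 only when both the signature and the fingerprint check pass.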