Download - Syscoin

Latest version: 4.4.2 rss

Or choose your operating system

Verify release signatures
Source code
Show version history

Syscoin Core Release Signing Keys v4.1.0+ 79D00BAC68B56D422F945A8F8E3A8F3247DBCBBF
Refresh expired keys using:
gpg --keyserver hkp://keyserver.ubuntu.com --refresh-keys

Check your bandwidth and space

Syscoin Core requires a one-time download of about 50GB of data plus a further 5-10GB per month. By default, you will need to store all of that data, but if you enable pruning, you can store as little as 3GB total without sacrificing any security.

Verify your download

Download verification is optional but highly recommended. Click one of the lines below to view verification instructions for that platform.

Windows verification instructions
  1. Click the link in the list above to download the release for your platform and wait for the file to finish downloading.

  2. Download the list of cryptographic checksums: SHA256SUMS.asc

  3. Open a terminal (command line prompt) and Change Directory (cd) to the folder you use for downloads. For example:

    cd %UserProfile%\Downloads
    
  4. Run the following command to generate a checksum of the release file you downloaded. Replace 'syscoin-4.4.2-win64-setup.exe' with the name of the file you actually downloaded.

    certUtil -hashfile syscoin-4.4.2-win64-setup.exe SHA256
  5. Ensure that the checksum produced by the command above matches one of the checksums listed in the checksums file you downloaded earlier. We recommend that you check every character of the two checksums to ensure they match. You can see the checksums you downloaded by running the following command:

    type SHA256SUMS.asc
  6. If you haven't previously installed GNU Privacy Guard (GPG) on your system, install it now or see other installation options.

  7. Obtain a copy of the release signing key by running the following command:

    C:\Program Files\Gnu\GnuPg\gpg.exe --keyserver hkp://keyserver.ubuntu.com --recv-keys 79D00BAC68B56D422F945A8F8E3A8F3247DBCBBF

    The output of the command above should say that one key was imported, updated, has new signatures, or remained unchanged.

  8. Verify that the checksums file is PGP signed by the release signing key:
    C:\Program Files\Gnu\GnuPg\gpg.exe --verify SHA256SUMS.asc
  9. Check the output from the above command for the following text:

    1. A line that starts with: gpg: Good signature

    2. A complete line saying: Primary key fingerprint: 79D0 0BAC 68B5 6D42 2F94  5A8F 8E3A 8F32 47DB CBBF

    The output from the verify command may contain a warning that the "key is not certified with a trusted signature." This means that to fully verify your download, you need to ask people you trust to confirm that the key fingerprint printed above belongs to the Syscoin Core Project's release signing key.

MacOS verification instructions
  1. Click the link in the list above to download the release for your platform and wait for the file to finish downloading.

  2. Download the list of cryptographic checksums: SHA256SUMS.asc

  3. Open a terminal (command line prompt) and Change Directory (cd) to the folder you use for downloads. For example:

    cd Downloads/
  4. Verify that the checksum of the release file is listed in the checksums file using the following command:

    shasum -a 256 --check SHA256SUMS.asc

    In the output produced by the above command, you can safely ignore any warnings and failures, but you must ensure the output lists "OK" after the name of the release file you downloaded. For example: syscoin-4.4.2x86_64-apple-darwin.dmg: OK

  5. If you haven't previously installed GNU Privacy Guard (GPG) on your system, install it now or see other installation options.

  6. Obtain a copy of the release signing key by running the following command:

    gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 79D00BAC68B56D422F945A8F8E3A8F3247DBCBBF

    The output of the command above should say that one key was imported, updated, has new signatures, or remained unchanged.

  7. Verify that the checksums file is PGP signed by the release signing key:
    gpg --verify SHA256SUMS.asc
  8. Check the output from the above command for the following text:

    1. A line that starts with: gpg: Good signature

    2. A complete line saying: Primary key fingerprint: 79D0 0BAC 68B5 6D42 2F94  5A8F 8E3A 8F32 47DB CBBF

    The output from the verify command may contain a warning that the "key is not certified with a trusted signature." This means that to fully verify your download, you need to ask people you trust to confirm that the key fingerprint printed above belongs to the Syscoin Core Project's release signing key.

Linux verification instructions
  1. Click the link in the list above to download the release for your platform and wait for the file to finish downloading.

  2. Download the list of cryptographic checksums: SHA256SUMS.asc

  3. Open a terminal (command line prompt) and Change Directory (cd) to the folder you use for downloads. For example:

    cd Downloads/
  4. Verify that the checksum of the release file is listed in the checksums file using the following command:

    sha256sum --ignore-missing --check SHA256SUMS.asc

    In the output produced by the above command, you can safely ignore any warnings and failures, but you must ensure the output lists "OK" after the name of the release file you downloaded. For example: syscoin-4.4.2-x86_64-linux-gnu.tar.gz: OK

  5. Obtain a copy of the release signing key by running the following command:

    gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 79D00BAC68B56D422F945A8F8E3A8F3247DBCBBF

    The output of the command above should say that one key was imported, updated, has new signatures, or remained unchanged.

  6. Verify that the checksums file is PGP signed by the release signing key:
    gpg --verify SHA256SUMS.asc
  7. Check the output from the above command for the following text:

    1. A line that starts with: gpg: Good signature

    2. A complete line saying: Primary key fingerprint: 79D0 0BAC 68B5 6D42 2F94  5A8F 8E3A 8F32 47DB CBBF

    The output from the verify command may contain a warning that the "key is not certified with a trusted signature." This means that to fully verify your download, you need to ask people you trust to confirm that the key fingerprint printed above belongs to the Syscoin Core Project's release signing key.

Snap package verification instructions

While the Snap packages use the deterministically generated executables, the Snap tool itself does not provide a streamlined way to reveal the contents of a Snap package. Thus, the Syscoin Core project does not have the information necessary to help you verify the Syscoin Core Snap packages.

Additional verification with reproducible builds

Experienced users who don't mind performing additional steps can take advantage of Syscoin Core's reproducible builds and the signed checksums generated by contributors who perform those builds.

  • Reproducible builds allow anyone with a copy of Syscoin Core's MIT-licensed source code to build identical binaries to those distributed on this website (meaning the binaries will have the same cryptographic checksums as those provided by this website).

  • Verified reproduction is the result of multiple Syscoin Core contributors each independently reproducing identical binaries as described above. These contributors cryptographically sign and publish the checksums of the binaries they generate.

Verifying that several contributors you trust all signed the same checksums distributed in the release checksums file will provide you with additional assurances over the preceding basic verification instructions. Alternatively, reproducing a binary for yourself will provide you with the highest level of assurance currently available. For more information, visit the project's repository of trusted build process signatures.


Syscoin Core is a community-driven free software project, released under the open source MIT license.