Verify authenticity of Anchor Wallet download on macOS

Hello, is there any way to check the hash before downloading the wallet? Also, are there any direct links to GitHub, please?

I am a noob, so please answer me like a baby, but I am capable. It's important as it's my crypto work computer. Thank you.

Hey there, yeah there is - so long as you’re somewhat comfortable with the Terminal application.

The most recent release can always be found either:

Each release on GitHub has a signature section, which contains all of the signatures for the downloads being released. 1.0.5 for example has these signatures associated with its release:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

shasum -b -a 512 linux-anchor-wallet-1.1.0-beta.1-amd64.deb
918f57375a3412d9122e83aa61e3f20e45696c56b547ab1b5929cf28e25f2798629f1018cd4b2a711d32a89d1694f4ea6f7be897dba9068ed5e09b1c94795f7c *linux-anchor-wallet-1.1.0-beta.1-amd64.deb
shasum -b -a 512 linux-anchor-wallet-1.1.0-beta.1-arm64.deb
d2178cb8faa37cc727a7f35f9b6b35c52890853e673caf95fd7f3cff9ad00d0a2eb1e7d15ee964731ea543bb2ad49109b7060fc387e51635d3c86d34ec06e1a5 *linux-anchor-wallet-1.1.0-beta.1-arm64.deb
shasum -b -a 512 linux-anchor-wallet-1.1.0-beta.1-armv7l.deb
7174ff3c46f54625afed7d564f1ba7a82e752aadd31cb75ba3305285b07ebb7fced3389cd80645e2379998a83836c3a5f04bf887c1cb91cc2df2276f115183d0 *linux-anchor-wallet-1.1.0-beta.1-armv7l.deb
shasum -b -a 512 linux-anchor-wallet-1.1.0-beta.1-x86_64.AppImage
9f2261d5d5ed3dc44e6f14c78683df8deb4082ad734901c930fbe09d45f915b110b8e5aab4d1e57c80b92b98901c5c7f336cf7a83cac6bd53db0d1c58c1e28df *linux-anchor-wallet-1.1.0-beta.1-x86_64.AppImage
shasum -b -a 512 mac-anchor-wallet-1.1.0-beta.1.dmg
cd87c68f81df3d4c26ee652323ecaaa79aa7f4fe522d41fb87b9cd241a21acfae8b6f16381c400fd233fc8be7807e554afd6f485470a182c605753dd85fec0fa *mac-anchor-wallet-1.1.0-beta.1.dmg
shasum -b -a 512 mac-anchor-wallet-1.1.0-beta.1.zip
a95894726d7b3f725f926d6cc3dfdff4156fe52bacaabd3224b63a71ad3c2522580034f19caf51892ec8506d84a056d86d42c7ad960028c63a76ed341e1681df *mac-anchor-wallet-1.1.0-beta.1.zip
shasum -b -a 512 win-anchor-wallet-1.1.0-beta.1.exe
0421f224f2afc3735df823ee6bbf7d5d559ecc3d99918f19ab1f32eaa7e60c3c5c31517c489b4e8616d63e3d6448adc094a7162f87ac50b372869e7341403eb4 *win-anchor-wallet-1.1.0-beta.1.exe
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.1.13
Comment: https://keybase.io/crypto

wsFcBAABCgAGBQJfQGa/AAoJECyLxnO05hN9y9cQAI+GhdXx3ZUUSeeQC2yrsOUr
/zvC+cS33UxQ4AObU0FKpSXB3HusPfmr1x4Q/GPEhl5bd6bDIZ2DYf85jjlx5+d7
Cc+dhccBi8a+DH2DWtp0I9CmgJftLfS5m5rMnsZBaBZDO5327agA0FTWgbTLj3z0
haiTkQWgWPFiFD9ucNfhg3PQnanW9ODn31zahBBLVogIiUjwmdwJzkg7m+IYIK2a
1RHT3uy3kz1QXphqKJW5NRwPzIJ2JVXBHJxpdeU7XPzJ9lh0zBxRz1RpExqyd/gU
R3Y4Td/3AO2asux7sQGkZFZy+XEQTISmUlD6R3N8OtJxx3MlUzOTthM+SMzAgg3S
Ek+f0zQQYUtUnkUN7Y2czaMUypVHwhqvaaxH6Efe2hL2S/vYSTNBdQQ2iiAAJb2C
dLdawJgU1wyAMTMg6I/j5z1VZM9+mDMfVdWmercWmxKyEfb0lBvn75nCh467iWnE
xybbpgBV/KHqET3lXwPq/0UWjt43P01WenlXfu8Ui7xQQFSDbscnFaZA8Ea43Fo0
IqZ5oIJdJnhK85DqWDef+v/StjA5eAuozN/wVK79GnsQzp4oHhs+WewiMp196/4U
+iv0tbOj+hsiA8YgDySTPymo0mnaTyz1RoJJmIPsyCY8JC+fU4rFnPEe5DcOEufY
nbBLE1If3mvQEUO5uFp2
=GB80
-----END PGP SIGNATURE-----

If you were to take the above, or the text from any release, and use Keybase, it’ll show that those file hashes were signed by my keybase keys. The URL is:

If that message verifies to the jesta account, you know it’s a message from me.

Now, knowing that it’s legit, for the release you’re downloading, look for the specific file you’d be using. Since you mentioned a computer running macOS, it’d likely be the dmg file. In the above it shows both the command and the hash of the file, which for 1.0.5 is:

shasum -b -a 512 mac-anchor-wallet-1.1.0-beta.1.dmg
cd87c68f81df3d4c26ee652323ecaaa79aa7f4fe522d41fb87b9cd241a21acfae8b6f16381c400fd233fc8be7807e554afd6f485470a182c605753dd85fec0fa *mac-anchor-wallet-1.1.0-beta.1.dmg

Now download the mac-anchor-wallet-1.1.0-beta.1.dmg file and then open up the Terminal application. From your terminal, navigate to the downloads folder (or wherever you saved it). If you’re unfamiliar with terminal, you’d use:

cd ~/Downloads

From the downloads folder, then run the command from above:

shasum -b -a 512 mac-anchor-wallet-1.1.0-beta.1.dmg

Once it’s run, it’ll return a string of numbers and letters that should match the release. In this instance, it’s the following:

cd87c68f81df3d4c26ee652323ecaaa79aa7f4fe522d41fb87b9cd241a21acfae8b6f16381c400fd233fc8be7807e554afd6f485470a182c605753dd85fec0fa *mac-anchor-wallet-1.1.0-beta.1.dmg

If both the Signatures message verifies on Keybase, and the signature you get running the commands above in terminal matches, then you can be reasonably sure that it was an official release.

It’s a complicated process to explain, and not the most user friendly, but shouldn’t be too hard to verify the file is legit. Hope that helps!