Verifying the BitBoxApp's digital signature is an advanced security measure that confirms you have a genuine version signed by BitBox. This process ensures the application has not been tampered with.

While this step is recommended for advanced users, the BitBox02 hardware wallet is designed to be secure even if your computer is compromised. It does not trust the BitBoxApp and will not accept unsigned firmware, protecting your private keys at all times.

Prerequisites

Most Linux distributions come with GPG (GNU Privacy Guard) pre-installed. You can check by opening a terminal and running gpg --version. If it's not installed, use your distribution's package manager to install it (e.g., sudo apt install gnupg on Debian/Ubuntu or sudo dnf install gnupg2 on Fedora).

Step 1: Download the necessary files

Navigate to the official BitBoxApp releases page on GitHub. Download both the application file for your system and its corresponding .asc signature file.

• Debian/Ubuntu/Mint: Download the .deb package and the .deb.asc file.
• Fedora: Download the .rpm package and the .rpm.asc file.
• Other distributions: Download the .AppImage file and the .AppImage.asc file.

Make sure both files are saved in the same directory (e.g., your Downloads folder).

Step 2: Open the terminal

Open a terminal window. A common shortcut is to navigate to your Downloads folder in your file explorer, right-click inside the folder, and select an option like "Open in Terminal".

curl https://bitbox.swiss/download/shiftcryptosec-509249B068D215AE.gpg.asc | gpg --import

gpg --verify bitbox_4.47.3_amd64.deb.asc