This guide will walk you through verifying the bitcoin client binaries after downloading them from http://bitcoin.org.
At a high level, you will download the gzipped binaries and a checksum file. You confirm that the checksum file is the legitimate checksum by verifying it was properly signed by the lead Bitcoin developer.
Once the checksum file is verified, you run a checksum on the gzipped file and compare it to the checksum in the checksum file.
If you haven't imported Gavin's gpg key into your system, you will first need to do that.
wget http://bitcoin.org/gavinandresen.asc gpg import gavinadresen.asc
Download gzip and checksum
Download the latest client binaries and the checksum file from the Bitcoin project on sourceforge. This example shows version 0.8.6.
wget http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.6/bitcoin-0.8.6-linux.tar.gz wget http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.6/SHA256SUMS.asc
Verify checksum file
You will now verify that the checksum file you downloaded was signed by the Bitcoin lead developer and can be trusted.
gpg --verify SHA256SUM.asc
Should output something like....
gpg: Signature made Mon 09 Dec 2013 01:14:17 PM PST using RSA key ID 7BF6E212 gpg: Good signature from "Gavin Andresen (CODE SIGNING KEY) <email@example.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 2664 6D99 CBAE C9B8 1982 EF60 29D9 EE6B 1FC7 30C1 Subkey fingerprint: 3D22 F497 DEAE D078 18A2 219A 1B7B FB45 7BF6 E212
Even though it generates a warning, you can verify the key fingerprint is correct agains Gavin's known key fingerprint:
2664 6D99 CBAE C9B8 1982 EF60 29D9 EE6B 1FC7 30C1
Verify gzipped file
You will run
sha256sum on the gzipped file and compare that output to the contents of the SHA256SUM.asc file:
grep linux SHA256SUM.asc; sha256sum bitcoin-0.8.6-linux.tar.gz
Which outputs two matching rows... signifying that the checksum of the gzipped file matches the supplied checksum in the .asc file:
73495de53d1a30676884961e39ff46c3851ff770eeaa767331d065ff0ce8dd0c bitcoin-0.8.6-linux.tar.gz 73495de53d1a30676884961e39ff46c3851ff770eeaa767331d065ff0ce8dd0c bitcoin-0.8.6-linux.tar.gz
Congrats you should have a valid Bitcoin client.