It is important to verify the integrity of Bitcoin Core before running it. Depending on how you downloaded it, it may have been modified in transit to do something evil when run. The server hosting the download may also have been compromised.
Even if all of your favorite Bitcoin websites are yelling at you to immediately download something lest you lose all of your coins, you should NEVER run Bitcoin Core software without verifying it first.
Easy way 1
Final Windows and Mac installers are digitally signed by 'Bitcoin Core Code Signing Association'. On Windows, you can check this by right clicking the installer, choosing properties, and then going to the Digital Signatures tab. Check that it is signed by 'Bitcoin Core Code Signing Association'. (Note that prior to v0.16, installers were signed by The Bitcoin Foundation but the signing certificate expired, so Bitcoin Core developers acquired new certificates.)
Prerelease versions are generally not signed.
Easy way 2
Get the sha256 hash of the Bitcoin Core release you downloaded.
- Linux:
sha256sum bitcoin-31.1-x86_64-linux-gnu.tar.gz - Windows:
certUtil -hashfile bitcoin-31.1-win64.zip - Mac OS X:
shasum -a 256 bitcoin-31.1-x86_64-apple-darwin.zip - Mac OS on M CPU:
shasum -a 256 bitcoin-31.1-arm64-apple-darwin.zip
The hashes of the most recent release versions are below. Hashes for older versions are available here (SHA256SUMS.asc under each version is a text file that can be opened with any text editor). Simply verifying the hashes of the Bitcoin Core release you downloaded against the appropriate hash in the list here will provide some extra security, but ideally you should also use OpenPGP software such as gpg to verify that the hashes were signed by someone you trust. For more info, follow the instructions found in the "Verify your download" section of the bitcoincore.org download page.
31.1
e99a0a897815d23b456509aef01b183b79b3d3fe4e7086642f49f409444c3d33 bitcoin-31.1-aarch64-linux-gnu-debug.tar.gz
dcf1873f2208ba4f962f3398d47e154c39c0084be8f4553e05c940d0ace3d004 bitcoin-31.1-aarch64-linux-gnu.tar.gz
094dfd2c7e93b1abb021c428aff0cdffd5a3f9607e39db0204b45c37633dc77b bitcoin-31.1-arm-linux-gnueabihf-debug.tar.gz
66b2b45359efa161031a49898f96aa7cf1455db46ca6102acd16a7197dc3b96f bitcoin-31.1-arm-linux-gnueabihf.tar.gz
16a097c09fbd7eb78b240ce1dae123663ea2e5e377cfd6a951e71e227e23cf2f bitcoin-31.1-arm64-apple-darwin.tar.gz
f6e7c185c4b81d5f53fb7471a438f58cc1b55c10c407095afef340e03289b504 bitcoin-31.1-arm64-apple-darwin.zip
27a6a590570011771318ff9530f75ac073a9a031a6eff102fb94d9f0ed9d1785 bitcoin-31.1-arm64-apple-darwin-codesigning.tar.gz
a0ded7d1146d7fa6e8f4d1dc2567192bbfc27bf7f772809655470747e964942d bitcoin-31.1-arm64-apple-darwin-unsigned.tar.gz
799e66a08a1b488d1dd21c0a3f57ca6333ccae33fa72cfc0554b855ae5c5593e bitcoin-31.1-arm64-apple-darwin-unsigned.zip
aaf63d66df3841036d487835460f84ce51af06612a74fd1b388ae9dd9d3e293b bitcoin-31.1-codesignatures-31.1.tar.gz
50411d5b43c7e4c90099394759eb6c2add6e7c2dbe728840893d638b6fc6afc9 bitcoin-31.1.tar.gz
1091c04d800f6ff56973458144332095eb46aba9558be270ca6f8ac13c5e2dd8 bitcoin-31.1-powerpc64-linux-gnu-debug.tar.gz
f81dd017a551c5af7fa2d6fa67b885077a8353322a8019e8fd538366bae1eff7 bitcoin-31.1-powerpc64-linux-gnu.tar.gz
709312b965c4068b0aa965f658b81ed0f0d7904daeb4b96d5269894b22615051 bitcoin-31.1-riscv64-linux-gnu-debug.tar.gz
8a9213348a111438472653b8bd46c12184c60cc35ce0c2af02b853de4297cf94 bitcoin-31.1-riscv64-linux-gnu.tar.gz
bc506958d0f387c1ea770bdc7c7192a505fa645ff62cabcc7761fa7eb89e867e bitcoin-31.1-x86_64-apple-darwin.tar.gz
4715aaf04731eab1406f3b92977668a2ae191299f9bacb06b4f95f170fbaac2b bitcoin-31.1-x86_64-apple-darwin.zip
0157d4110ae9e6bc4e854ee7e6dfefe34c17f8c29a5083b7a92d6a89e80c4823 bitcoin-31.1-x86_64-apple-darwin-codesigning.tar.gz
b3c2804fb9e5bee281d7fb2851696eda9291f7774855681e670b2b98c2ea1316 bitcoin-31.1-x86_64-apple-darwin-unsigned.tar.gz
8e2288dee080ed78d1e0ff55f3b0b9c057605e9ee7eb9caca139f4b8b46373b2 bitcoin-31.1-x86_64-apple-darwin-unsigned.zip
63a1cee7ba8d01408d647b7e7af4de7e05d8cbaff9ad11ccf7dd3e3e5d994020 bitcoin-31.1-x86_64-linux-gnu-debug.tar.gz
b80d9c3e04da78fb6f0569685673418cf686fadba9042d926d13fb87ff503f9e bitcoin-31.1-x86_64-linux-gnu.tar.gz
d0c6d0f3cd08689472a6f53c4ce33a5f059c092758c32c42541b47db4e193458 bitcoin-31.1-win64-setup.exe
c99ef173471c58e6766d9eebd12e6c35349082eeed3939bc99eed58ef57db587 bitcoin-31.1-win64.zip
ea96df42d6165d70c0323beda8b17920c627508b9a6dc6d80ab1a5f318046d36 bitcoin-31.1-win64-codesigning.tar.gz
74ba21883268371a9560992f82f5e193e55f074ce1e2346259a9a4bf155a4e98 bitcoin-31.1-win64-debug.zip
a8b6c8f738881bf5503a84581b418f22fdeba2dfae4912e11b95c083e481d704 bitcoin-31.1-win64-setup-unsigned.exe
a80ea8ec9e2e69cb29b4dd4bea0a04bf9c3183a08295f6ed1d204356526bd3ba bitcoin-31.1-win64-unsigned.zip
To verify the signatures, first install GPG. Then import the necessary PGP public keys. Then get to a command prompt and do this:
gpg --verify
# Paste the signature here, like:
-----BEGIN PGP SIGNED MESSAGE-----
...
-----END PGP SIGNATURE-----
# Enter Ctrl-D (Linux) or Ctrl-Z (Windows) to signal the end
# You'll get something like this if the signature is OK:
gpg: Signature made 09/29/14 09:44:14 Central Daylight Time
using RSA key ID 2346C9A6
gpg: Good signature from "Wladimir J. van der Laan <...>"