Downloading the Software
Download the current Version (0.8.5) software image that is compatible with your Seedsigner.
| Download Image Link/Name |
|---|
seedsigner_os.0.8.5.pi0.img |
Once the file is downloaded, follow the steps below to verify the download before continuing on to write the software onto a MicroSD card. Next, insert the MicroSD into your hardware and connect the USB power. Allow about 45 seconds for logo to appear, and then you can begin using your SeedSigner!
Verifying your download (Optional but recommended) (Requires a bit of technical knowledge)
If you think its too overwhelming skip to “Writing the software onto your MicroSD card”
also download these 2 signature verification files to the same folder
The Plaintext manifest file
The Signature of the manifest file
You can quickly verify that the software you just downloaded is both authentic and unaltered by following these instructions. We assume you are running the commands from a computer where both GPG and shasum are already installed and that you also know how to navigate on a terminal.
You must run the following verification before opening or mounting the .img file. Some operating systems modify the file on mount, causing verification to fail.
Step 1. Verify that the signature (.sig) file is genuine:
Run GPG’s fetch-keys command to import the SeedSigner projects public key from the popular online keyserver called Keybase.io, into your computers keychain.
gpg --fetch-keys https://keybase.io/seedsigner/pgp_keys.asc
The result should confirm that 1 key was either imported or updated. Ignore any key ID’s or email addresses shown.
Next, you will run the verify command on the signature (.sig) file. (Verify must be run from inside the same folder that you downloaded the files into earlier.)
gpg --verify seedsigner.0.8.5.sha256.txt.sig
When the verify command completes successfully, it should display output like this:
The result must display “Good signature“. Ignore any email addresses – only matching Key fingerprints count here. Stop immediately if it displays “Bad signature“!
On the last output line, look at your rightmost 16 characters (the 4 blocks of 4).
Crucially, we must now check WHO that Primary key fingerprint /ID belongs to. We will start by looking at Keybase.io to see if it is the SeedSigner project ‘s public key or not.
About the warning message:
Since you are about to match the outputted fingerprint/ID against the proofs at Keybase.io/SeedSigner, and thereby confirm who the pubkey really belongs to-, you can safely ignore this warning message:
> WARNING: This key is not certified with a trusted signature!
> There is no indication that the signature belongs to the owner.
More about how the verify command works:
The verify command will attempt to decrypt the signature file (sha256.sig) by trying each public key already imported into your computer. If the public key we just imported (via fetch-keys), manages to: (a) successfully decrypt the .sig file , and (b), that result matches exactly to the clear-text equivalent (.sha256) of the .sig file, then its “a good signature”!
Crucially, we must still manually check who exactly owns the Key ID which gave us that “Good signature”. Thats what the warning message means- Who does the matching key really belong to? We will start by looking at keybase.io to see if it is “The SeedSigner project”‘s public Key or not. Note that it is the file hashes of .sig and .sha256 that verify compares, not their raw contents.
Now to determine who the Public key ID belongs to: Goto Keybase.io/SeedSigner
You must now manually compare: The 16 character fingerprint ID (as circled in red above) to, those rightmost 16 characters from your verify command.
If they match exactly, then you have successfully confirmed that your .sig file is authentically from the SeedSigner Project!
Learn more about how keybase.io helps you check that someone (online) is who they say they are:
If the two ID’s do not match, then you must stop here immediately. Do not continue. Contact us for assistance in the Telegram group address above.
Step 2. Verifying that the software images/binaries are genuine
Now that you have confirmed that you do have the real SeedSigner Project’s Public Key (ie the 16 characters match) – you can return to your terminal window. Running the shasum command, is the final verification step and will confirm (via file hashing) that the software code/image files, were also not altered since publication, or even during your download process.
(Prior to version 0.6.0 , your verify command will check the .zip file which contains the binary files.)
On Linux or OSX: Run this command
shasum -a 256 --ignore-missing --check seedsigner.0.8.5.sha256.txt
On Windows (inside Powershell): Run this command
CertUtil -hashfile seedsigner_os.0.8.5.Insert_Your_Pi_Models_binary_here_For_Example_pi02w.img SHA256
On Windows, you must then manually compare the resulting file hash value to the corresponding hash value shown inside the .SHA256 cleartext file.
Wait up to 30 seconds for the command to complete, and it should display:
seedsigner_os.0.8.5.[Your_Pi_Model_For_Example:pi02w].img: OK
If you receive the “OK” message for your seedsigner_os.0.8.5.[Your_Pi_Model_For_Example:pi02w].img file, as shown above, then your verification is fully complete!
All of your downloaded files have now been confirmed as both authentic and unaltered! You can proceed to create/write your MicroSD card !!
If your file result shows “FAILED”, then you must stop here immediately. Do not continue & Contact us.
Please recognize that this process can only validate the software to the extent that the entity that first published the key is an honest actor, and their private key is not compromised or somehow being used by a malicious actor.
Writing the software onto your MicroSD card
To write the SeedSigner software onto your MicroSD card, there are a few options available:
| Application | Description | Platform and official Source |
|---|---|---|
| Balena Etcher | The application is called Etcher, and the company that wrote it is called Balena. Hence Etcher by Balena or Balena Etcher | Available for Windows, Mac and Linux |
| Raspberry Pi Imager | Produced by the Raspberry Pi organization. | Available for Windows, Mac and Linux |
| DD Command Line Utility | Built-in to Linux and MacOS, the DD (Data Duplicator) is a tool for advanced users. If not used carefully it can accidentally format the incorrect disk! | Built-in to Linux and MacOS |
Be sure to download the software from the genuine publisher.
Either of the Etcher or Pi Imager software is recommended. Some SeedSigner users have reported a better experience with one or the other. So, if the one application doesn’t work well for your particular machine, then please try the other one.
Example if you use Balena Etcher:
You will need to download Balena Etcher (Link)
Install and Open. It will look like this
Click Flash from file & Select Seedsigner image file.
(which is seedsigner_os.0.8.5.pi0.img)
Then Connect Micro SD card on your PC using any card reader or adapter.
Make sure to keep micro SD adapter slider in unlocked position (up)
Click Select Target & select SD card storage then click on Flash!
You should get “Flash complete” on successful flash.
Software is ready to run on Hardware !!!
General Considerations:
Make sure to set any write-protection physical slider on the MicroSD Card Adapter to UN-locked.
You also don’t need to pre-format the MicroSD beforehand. You dont need to unzip any .zip file beforehand. Current Etcher and Pi Imager software will perform a verify action (by default) to make sure the card was written successfully! Watching for that verify step to complete successfully, can save you a lot of headaches if you later need to troubleshoot issues where your SeedSigner device doesn’t boot up at power on.
Writing the MicroSd card is also known as flashing.
It will overwrite everything on the MicroSD card.
If the one application fails for you, then please try again using our other recommended application.
Advanced users may want to try the Linux/MacOS DD command instead of using Etcher or Pi Imager, however, a reminder is given that DD can overwrite the wrong disk if you are not careful !
Specific considerations for Windows users:
Use the Pi imager software as your first choice on Windows. Windows can sometimes flag the writing of a MicroSD as risky behaviour and hence it may prevent this activity. If this happens, your writing/flashing will fail, hang or wont even begin, in which case you should to try to run the Etcher/Pi-Imager app “As administrator”, (right-click and choose that option). It can also be blocked by windows security in some cases, so If you have the (non-default) Controlled Folder Access option set to active, try turning that off temporarily.