Download
1.9.1 Sparrow Desktop
Sparrow Desktop offers full functionality for systems with a graphical interface. For headless systems, use Sparrow Server.
Sparrow Server
.deb and .rpm packages install to /opt/sparrow.
How to Verify the Releases?
Sparrow 1.8.3 or later
For Sparrow versions 1.8.3 and above, the verification process can be performed within the application itself. To begin, download these three files to a single directory (e.g., your Downloads folder):
To initiate verification:
- Drag and drop any of the downloaded files onto the Sparrow interface.
- This action launches the Verify Download dialog, which automatically checks file integrity.
- Alternatively, access the Verify Download dialog via Tools > Verify Download in the main menu.
Signed By: Craig Raw <[email protected]> on Mon May 13 16:10:11 2024 SAST
Release Hash: Matched manifest hash
Verified: Ready to install Sparrow-1.9.1-aarch64.dmg
This verification tool can also be used to verify other software, like Bitcoin Core or hardware wallet firmware.
Earlier releases
For Sparrow versions before 1.8.3, install gpg or gpg2 on your system. You need download it for MacOS or Windows. Linux users already have gpg pre-installed. After installation, use the command line for verification.
On macOS, open Terminal.app. On Windows, use Start > Run > cmd.
Import the signing keys for this release if you haven’t already or if previously imported keys have expired. Use this command:
curl https://keybase.io/craigraw/pgp_keys.asc | gpg --import
After importing the PGP keys, verify the release. Download sparrow-1.9.1-manifest.txt and sparrow-1.9.1-manifest.txt.asc from the above table to the same directory (e.g., Downloads). Verify the manifest file using this command:
gpg --verify sparrow-1.9.1-manifest.txt.asc
Upon successful verification, you should see output similar to this (your time zone may differrent):
gpg: assuming signed data in 'sparrow-1.9.1-manifest.txt'
gpg: Signature made Mon May 13 16:10:11 2024 SAST
gpg: using RSA key D4D0D3202FC06849A257B38DE94618334C674B40
gpg: Good signature from "Craig Raw <[email protected]>" [unknown]
You might encounter a message like this:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.This message indicates the public key is not marked as trusted in your GPG instance. As a best practice, verify the key against other sources, such as https://keybase.io/craigraw (click the link next to the key icon for the full public key). For more information on key validation, consult the GnuPG Privacy Handbook.
This process verifies the manifest file’s signature, ensuring its integrity and authenticity. To verify the binary, download the installation file for your OS. Then compute its sha256 hash using shasum -a 256 <filename>. Compare this hash with the corresponding one in the manifest file. They must match exactly. Example:
macOS
shasum --check sparrow-1.9.1-manifest.txt --ignore-missing
Sparrow-1.9.1.dmg: OK
For macOS versions before v11, omit --ignore-missing. You can leave it out and ignore any reported missing files.
Linux
sha256sum --check sparrow-1.9.1-manifest.txt --ignore-missing
sparrow_1.9.1-1_amd64.deb: OK
Windows
CertUtil -hashfile Sparrow-1.9.1.exe SHA256 | findstr /v "hash"
Compare result to the appropriate value in sparrow-1.9.1-manifest.txt!
After completing these steps, you’ve verified your download’s integrity! Proceed with installation
For additional help, watch the macOS tutorial video. Written guides are available for Windows and Ubuntu users.
Installation
Install Sparrow using standard procedures for your operating system.
QubesOS users must first run this command:
sudo mkdir /usr/share/desktop-directories/
Upgrading
Sparrow stores wallets and settings in a separate home folder, distinct from the installation directory. You can safely uninstall or upgrade Sparrow without risking data loss. Ensure the application is closed before proceeding.