Releases: lightninglabs/chantools
v0.14.1
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:
curl https://keybase.io/guggero/pgp_keys.asc | gpg --import
You should now be able to list all of guggero's keys:
gpg --list-keys --with-subkey-fingerprints F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.14.1.sig and manifest-v0.14.1.txt are in the current directory) with:
gpg --verify manifest-v0.14.1.sig manifest-v0.14.1.txt
You should see the following if the verification was successful:
gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg: using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Make sure the key used for the signature is listed in the output of the gpg --list-keys command from above.
Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes (which are
cat manifest-v0.14.1.txt
One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.14.1
What's Changed
Partial CLN compatibility: The following commands now support Core Lightning, to assist with the most common recovery cases:
sweepremoteclosed: To sweep already force closed channels. Similar tohsmtool guess_to_remote, but supports sweeping multiple channels in one transaction, also more convenient.triggerforceclose: For requesting a force close from your peer if channels are still open. Connects to the peer and requests a force close using the p2p protocol.zombierecovery: For rescuing channels where both nodes have lost state and only have the seed or HSM secret available. Interactive command for cooperatively spending the funding multisig output.derivekey: For testing a HSM secret, whether it belongs to a node identity public key.
Full list of changes:
- lnd: improve brontide mock, improve triggerforceclose, make zombierecovery makeoffer CLN compatible by @guggero in #194
- build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @dependabot[bot] in #195
- build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 in /tools by @dependabot[bot] in #196
- Add more tests, make
derivekeyCLN compatible, allow disabling log by @guggero in #199
Full Changelog: v0.14.0...v0.14.1
Contributors
Assets 14
- 16.8 MB
2025-07-14T08:55:28Z - 15.9 MB
2025-07-14T08:55:26Z - 15.5 MB
2025-07-14T08:55:25Z - 16.4 MB
2025-07-14T08:55:24Z - 15.2 MB
2025-07-14T08:55:23Z - 15.3 MB
2025-07-14T08:55:22Z - 15.2 MB
2025-07-14T08:55:21Z - 914 KB
2025-07-14T08:55:20Z - 16.8 MB
2025-07-14T08:55:19Z - 566 Bytes
2025-07-14T08:55:19Z -
2025-07-14T08:47:08Z -
2025-07-14T08:47:08Z - Loading
v0.14.0
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:
curl https://keybase.io/guggero/pgp_keys.asc | gpg --import
You should now be able to list all of guggero's keys:
gpg --list-keys --with-subkey-fingerprints F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.14.0.sig and manifest-v0.14.0.txt are in the current directory) with:
gpg --verify manifest-v0.14.0.sig manifest-v0.14.0.txt
You should see the following if the verification was successful:
gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg: using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Make sure the key used for the signature is listed in the output of the gpg --list-keys command from above.
Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes (which are
cat manifest-v0.14.0.txt
One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.14.0
What's Changed
Partial CLN compatibility: The following commands now support Core Lightning, to assist with the most common recovery cases:
sweepremoteclosed: To sweep already force closed channels. Similar tohsmtool guess_to_remote, but supports sweeping multiple channels in one transaction, also more convenient.triggerforceclose: For requesting a force close from your peer if channels are still open. Connects to the peer and requests a force close using the p2p protocol.zombierecovery: For rescuing channels where both nodes have lost state and only have the seed or HSM secret available. Interactive command for cooperatively spending the funding multisig output.
Full list of changes:
- zombierecovery: match against ancient channel list by @guggero in #184
- multi: compile-time dependency of lnd to 0.19.0 by @starius in #185
- chantools scbforceclose: extract close tx from SCB and sign it by @starius in #95
- build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 by @dependabot in #186
- build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @dependabot in #188
- Add ancient channels from node "BCash_is_trash" by @guggero in #189
- build(deps): bump golang.org/x/crypto from 0.33.0 to 0.35.0 in /tools by @dependabot in #190
- build(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 by @dependabot in #191
- Update to latest lnd 0.19 version by @guggero in #192
- zombierecovery: make compatible with CLN by @guggero in #154
- CLN: Make sweepremoteclosed and triggerforceclose CLN compatible by @guggero in #193
Full Changelog: v0.13.7...v0.14.0
Contributors
Assets 14
v0.13.7
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:
curl https://keybase.io/guggero/pgp_keys.asc | gpg --import
You should now be able to list all of guggero's keys:
gpg --list-keys --with-subkey-fingerprints F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.13.7.sig and manifest-v0.13.7.txt are in the current directory) with:
gpg --verify manifest-v0.13.7.sig manifest-v0.13.7.txt
You should see the following if the verification was successful:
gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg: using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Make sure the key used for the signature is listed in the output of the gpg --list-keys command from above.
Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes (which are
cat manifest-v0.13.7.txt
One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.13.7
What's Changed
Full Changelog: v0.13.6...v0.13.7
Contributors
Assets 14
v0.13.6
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:
curl https://keybase.io/guggero/pgp_keys.asc | gpg --import
You should now be able to list all of guggero's keys:
gpg --list-keys --with-subkey-fingerprints F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.13.6.sig and manifest-v0.13.6.txt are in the current directory) with:
gpg --verify manifest-v0.13.6.sig manifest-v0.13.6.txt
You should see the following if the verification was successful:
gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg: using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Make sure the key used for the signature is listed in the output of the gpg --list-keys command from above.
Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes (which are
cat manifest-v0.13.6.txt
One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.13.6
What's Changed
- mod: fix swapserverrpc version with wrong tag by @guggero in #177
- build(deps): bump golang.org/x/net from 0.27.0 to 0.33.0 by @dependabot in #178
- derivekey: support xpubs in addition to xprvs by @starius in #179
- sweepremoteclosed: add commit points for ancient channels of LNBIG by @guggero in #182
Full Changelog: v0.13.5...v0.13.6
Contributors
Assets 14
v0.13.5
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:
curl https://keybase.io/guggero/pgp_keys.asc | gpg --import
You should now be able to list all of guggero's keys:
gpg --list-keys --with-subkey-fingerprints F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.13.5.sig and manifest-v0.13.5.txt are in the current directory) with:
gpg --verify manifest-v0.13.5.sig manifest-v0.13.5.txt
You should see the following if the verification was successful:
gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg: using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Make sure the key used for the signature is listed in the output of the gpg --list-keys command from above.
Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes (which are
cat manifest-v0.13.5.txt
One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.13.5
What's Changed
- build(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.1 by @dependabot in #166
- build(deps): bump golang.org/x/crypto from 0.22.0 to 0.31.0 by @dependabot in #169
- build(deps): bump golang.org/x/crypto from 0.23.0 to 0.31.0 in /tools by @dependabot in #170
- signpsbt: implement Taproot keyspend signing by @guggero in #171
Full Changelog: v0.13.4...v0.13.5
Contributors
Assets 14
v0.13.4
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:
curl https://keybase.io/guggero/pgp_keys.asc | gpg --import
You should now be able to list all of guggero's keys:
gpg --list-keys --with-subkey-fingerprints F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.13.4.sig and manifest-v0.13.4.txt are in the current directory) with:
gpg --verify manifest-v0.13.4.sig manifest-v0.13.4.txt
You should see the following if the verification was successful:
gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg: using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Make sure the key used for the signature is listed in the output of the gpg --list-keys command from above.
Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes (which are
cat manifest-v0.13.4.txt
One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.13.4
What's Changed
- makeoffer: use correct keys by @guggero in #159
- go.mod: update lnd to v0.18.3-beta by @starius in #161
- build(deps): bump github.com/jackc/pgx/v5 from 5.3.1 to 5.5.4 by @dependabot in #163
- build(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.14 by @dependabot in #162
- build(deps): bump github.com/btcsuite/btcd from 0.24.0 to 0.24.2 in /tools by @dependabot in #164
- root+doc: change default API server to api.node-recovery.com by @guggero in #165
Full Changelog: v0.13.3...v0.13.4
Contributors
Assets 14
v0.13.3
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:
curl https://keybase.io/guggero/pgp_keys.asc | gpg --import
You should now be able to list all of guggero's keys:
gpg --list-keys --with-subkey-fingerprints F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.13.3.sig and manifest-v0.13.3.txt are in the current directory) with:
gpg --verify manifest-v0.13.3.sig manifest-v0.13.3.txt
You should see the following if the verification was successful:
gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg: using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Make sure the key used for the signature is listed in the output of the gpg --list-keys command from above.
Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes (which are
cat manifest-v0.13.3.txt
One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.13.3
What's Changed
Full Changelog: v0.13.2...v0.13.3
Contributors
Assets 14
v0.13.2
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:
curl https://keybase.io/guggero/pgp_keys.asc | gpg --import
You should now be able to list all of guggero's keys:
gpg --list-keys --with-subkey-fingerprints F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.13.2.sig and manifest-v0.13.2.txt are in the current directory) with:
gpg --verify manifest-v0.13.2.sig manifest-v0.13.2.txt
You should see the following if the verification was successful:
gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg: using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Make sure the key used for the signature is listed in the output of the gpg --list-keys command from above.
Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes (which are
cat manifest-v0.13.2.txt
One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.13.2
What's Changed
- build(deps): bump github.com/btcsuite/btcd from 0.23.4 to 0.24.0 in /tools by @dependabot in #134
- gitignore: .idea folder by @hieblmi in #137
- signpsbt: allow signing multiple inputs by @guggero in #142
- update dependencies (LND v0.18.0-beta and co) by @starius in #138
- btc: filter address outputs, only return unspent by @guggero in #143
- Fixed typo in chantools_zombierecovery.md by @drmartinberger in #144
- Update readme with latest command line helptext. by @hieblmi in #145
- rescueclosed: make number of keys configurable by @guggero in #146
- zombierecovery: support MuSig2 to rescue Simple Taproot channels by @guggero in #141
New Contributors
- @hieblmi made their first contribution in #137
- @drmartinberger made their first contribution in #144
Full Changelog: v0.13.1...v0.13.2
Contributors
Assets 14
v0.13.1
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:
curl https://keybase.io/guggero/pgp_keys.asc | gpg --import
You should now be able to list all of guggero's keys:
gpg --list-keys --with-subkey-fingerprints F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.13.1.sig and manifest-v0.13.1.txt are in the current directory) with:
gpg --verify manifest-v0.13.1.sig manifest-v0.13.1.txt
You should see the following if the verification was successful:
gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg: using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Make sure the key used for the signature is listed in the output of the gpg --list-keys command from above.
Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes (which are
cat manifest-v0.13.1.txt
One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.13.1
What's Changed
- build(deps): bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible by @dependabot in #127
- signpsbt+lnd: fix signing for P2WKH by @guggero in #129
- build(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 by @dependabot in #130
- triggerforceclose: make compatible with all nodes, add Tor support by @guggero in #132
Full Changelog: v0.13.0...v0.13.1
Contributors
Assets 14
v0.13.0
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:
curl https://keybase.io/guggero/pgp_keys.asc | gpg --import
You should now be able to list all of guggero's keys:
gpg --list-keys --with-subkey-fingerprints F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.13.0.sig and manifest-v0.13.0.txt are in the current directory) with:
gpg --verify manifest-v0.13.0.sig manifest-v0.13.0.txt
You should see the following if the verification was successful:
gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg: using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Make sure the key used for the signature is listed in the output of the gpg --list-keys command from above.
Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes (which are
cat manifest-v0.13.0.txt
One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.13.0
What's Changed
- doublespendinputs: allow RBF per default by @Tetrix42 in #118
- Fix Partial Signature Signing. by @ziggie1984 in #120
- signmessage: add signmessage cmd by @sputn1ck in #121
- build(deps): bump github.com/jackc/pgx/v4 from 4.18.1 to 4.18.2 by @dependabot in #125
- build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.33.0 in /tools by @dependabot in #126
recoverloopin: Sqlite option by @sputn1ck in #113- Add
createwalletandsignpsbtsubcommands by @guggero in #124
New Contributors
Full Changelog: v0.12.2...v0.13.0
