To use Bisq, you must first download and install it. Most exchanges are centralized exchanges running on servers controlled by the exchange. Bisq is decentralized, running only on the desktops of Bisq users.

Bisq manages offers to trade using a peer-to-peer network. This is a global network made of users who are also running Bisq on their own computers.

Centralized services are easy to monitor, block, and shut down, while peer-to-peer networks like BitTorrent, Bitcoin and Bisq are difficult to surveil, censor, shut down or hack.

All of this means that if you want to use the Bisq network, you must download and run the software on your own machine.

Download Bisq

The most convenient way to install Bisq on your machine is from a pre-built install file from the Bisq website or latest GitHub release.

There's also a community-maintained Snap package for various Linux distributions.

See install notes for various Linux distributions below.

You can download the installer for your operating system and install Bisq right away, but we strongly recommend that you verify the integrity of your installer file first.

If you have issues, please check the Known issues with installation section in release notes.

Verify installer file

Bisq2 specific instructions

Bisq2 can be downloaded here. Before installing software that manages your funds, you should always verify the installer has not been tampered with, to avoid the risk of losing funds due to a compromised download.

Usually, installation binaries are signed by Alejandro García (key ID: E222AA02, primary release manager). However, since this key has expired — and the expired key was included in previous versions of the Bisq2 app — the in-app verification process would fail when attempting to download version 2.1.2. To prevent this issue, the secondary release manager assumed responsibility for signing that release. The signingkey.asc file specifies the key used for signing the binaries.

HenrikJannsen's signing key can be downloaded here (full fingerprint: B8A5 D214 ADFA A387 A14C 8BCF 02AA 2BAE 387C 8307).

To import the key in Linux and MacOS:

curl https://bisq.network/pubkey/387C8307.asc | gpg --import 

GPG will return "This key is not certified with a trusted signature!", this is normal (see https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key for background information what it means)

To verify the installer against the signature:

gpg --digest-algo SHA256 --verify BINARY{.asc*,}

Replace BINARY with the name of the file you downloaded.

In Windows. you can import the key, and subsequently verify the installer, by using Kleopatra.

Any software that manages funds, signs transactions, and deals with highly sensitive data is a prime target for malware. Bisq does all three. Therefore, it is highly recommended that you verify the integrity of the installer file you use to install Bisq.

This verification is something that you should do for the initial Bisq install. After the initial install, you will be prompted to install updates through Bisq's interface. The Bisq software will verify the integrity of updates for you.

Bisq installer files are currently built and signed by Alejandro Garcia (alejandrogarcia83). His public key ID is E222AA02 and fingerprint is B493 3191 06CC 3D1F 252E 19CB F806 F422 E222 AA02, which you can verify through commits on GitHub.

The full public key is available here on the Bisq website.

Bisq 1: Obtain signature files for installer files

All Bisq releases are cryptographically signed by its maintainer. Users can ensure that nobody tampered with the release by verifying its signatures. It’s recommended to download the GPG key from an independent keyserver (such as keys.openpgp.org or keyserver.ubuntu.com to ensure that no adversary replaced the GPG keys and signatures on the release server.

Bisq 1 releases are signed either by Alejandro García (alejandrogarcia83) or Gabriel Bernard (gabernard). Here are the public key ids and fingerprints of both keys:

Alejandro García (public key id 0xF806F422E222AA02): B493 3191 06CC 3D1F 252E 19CB F806 F422 E222 AA02 Gabriel Bernard (public key id 0x6C8D14D84A133008): 1655 3BA9 2694 95EE 53BB A33A 6C8D 14D8 4A13 3008

Windows

Download and install Gpg4win

Windows does not come with GPG software installed by default, so you will need to install it in order to verify Bisq’s installer files. You can get Gpg4win here. Double-click the installer file and proceed to install with all default settings.

Import Alejandro García’s key

Open Kleopatra (part of Gpg4win) and click on “Lookup on Server”. {Image 1}

Next type into the search field alejandro.garcia@disroot.org and press on search. You’ll see the following output: {Image 2}

Press on “Details…” to see the key’s fingerprint and confirm that it is correct. {Image 3}

After verifying that the fingerprint is correct, press on “Close” and press on “Import” to import the key.

Verify the signature of the binary you downloaded

With the install-file.exe and signature-file.exe.asc in the same directory, double-click on the .exe.asc file.

You should see a Kleopatra window pop up with a green progress bar that says “Verified .exe with .exe.asc”. The program will continue to say “The data could not be verified” in bold but you can disregard that message.

This means the installer file we downloaded is intact and as intended. You can proceed to install Bisq by double-clicking the .exe file.

Mac and Linux

Import Alejandro García’s key

To import Alejandro García’s open a terminal and run:

gpg --receive-keys 0xF806F422E222AA02

Next you need to verify key’s fingerprint and tell GPG to trust the key. First run:

gpg --edit-key 0xF806F422E222AA02

Then type:

fpr

Now ensure that you see the same output as here:

gpg> fpr
pub   rsa4096/0xF806F422E222AA02 2022-09-28 Alejandro García <alejandro.garcia@disroot.org>
 Primary key fingerprint: B493 3191 06CC 3D1F 252E  19CB F806 F422 E222 AA02

If the fingerprint matches you can trust the key. To trust the key type:

trust

Now you’ll see following output:

gpg> trust
pub  rsa4096/0xF806F422E222AA02
     created: 2022-09-28  expires: 2026-10-03  usage: SC  
     trust: unknown       validity: unknown
sub  rsa4096/0xE7F08D07C72561D0
     created: 2022-09-28  expires: 2026-10-03  usage: E   
[ unknown] (1). Alejandro García <alejandro.garcia@disroot.org>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision?

Type 5 to trust to the key and you’ll see following output:

Do you really want to set this key to ultimate trust? (y/N) 

Now type y to confirm. Now you can quit by typing quit.

Verify the signature of the binary you downloaded

With the installer file and installer signature file in the same directory, run:

gpg --verify INSTALLER.asc INSTALLER

Where INSTALLER.asc is the filename of the .asc file you just downloaded.

You should see an output similar to this:

gpg: Signature made Fri 22 Nov 2024 07:42:50 PM UTC
gpg:                using RSA key B493319106CC3D1F252E19CBF806F422E222AA02
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2026-10-03
gpg: Good signature from "Alejandro García <alejandro.garcia@disroot.org>" [ultimate]

Build from source

Building Bisq from source requires only a single command once you have the correct JDK installed on your machine.

Finding and installing the correct JDK can sometimes be frustrating, so Bisq's developers have written scripts to make it easier:

• For Linux and macOS
• For Windows

OS-specific install notes

macOS

Starting with version v1.9.6, we remove notarization from our build pipeline because of of the risk of Apple certification revocation (see https://github.com/bisq-network/bisq/discussions/6341). Unfortunately this will require extra steps when installing Bisq on macOS.

You will receive an error popup saying that Bisq is damaged and can't be opened. You should move it to the Trash.

Please follow the guide at https://support.apple.com/en-us/HT202491 in the section If you want to open an app that hasn’t been notarized or is from an unidentified developer

If you are running already macOS Ventura (13.0+) you need to do following to be able to start Bisq:

• enter following command in Apple Terminal sudo xattr -rd com.apple.quarantine /Applications/Bisq.app
• hit enter and you will be prompted to enter your password to be able to execute the command as super user

After running this successfully you should be able to start Bisq as always.

If this procedure still does not allow you to install Bisq, a last resort workaround is to install Bisq in a Linux Virtual Machine running on your system.

Windows

Starting with version v1.9.6, we remove the developer code signing because of the same reason as with Apple.

For Windows you just have to ignore the warning after you have verified the installation file yourself and proceed with the installation.

Linux (General)

Bisq works with a number of Linux distros, but not all desktop environments are supported.

These are all known compatible desktop environments. This is a growing list. If you find another compatible desktop, please inform us so it can be added.

• GNOME
• Mate
• Xfce
• KDE Plasma
• Cinnamon

Bisq might not work properly if you switch from the original desktop environment of your Linux distribution to a different one.

Note: users with discrete GPUs may encounter issues launching Bisq in some desktop environments.

Arch Linux

The Bisq downloads page includes a link to the Arch User Repository (AUR) page for the bisq package.

1. From the command line, clone the repository from AUR.
2. Then from the cloned directory, run makepkg -si. This will read the PKGBUILD file to download, verify, build, and install the various tools necessary to install Bisq.

If the version found on AUR is not up to date, you can read Fix_Arch_release.

Please be advised: when you're using AUR, you're responsible for your own safety. Be sure to verify the PKGBUILD file.

Gentoo

Use eselect repository enable booboo to use the 'booboo' overlay which carries the binaries, and then emerge bisq

Tails

Please see Running Bisq on Tails for details on downloading, installing, and configuring Bisq on Tails.

Qubes

Please see Running Bisq on Qubes for a detailed Qubes setup guide.

Update Bisq

Installing a new Bisq version will update Bisq. More details at Updating Bisq.