OK, I guess I know too less about PGP. So, if someone does not have the private key, they cannot provide the right signature. So even if you download the signature and the file from a fake page, you would notice by checking the <span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); ">authenticity</span>. Is that right?<div>
<br></div><div>Thanks again. :-)</div><div><br><div class="gmail_quote">2011/9/23  <span dir="ltr">&lt;<a href="mailto:tor@lists.grepular.com">tor@lists.grepular.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On 23/09/11 15:10, Michael Gomboc wrote:<br>
<br>
&gt; Thanks Andrew. But when the SSL certificate is faked....<br>
<br>
</div>If you have the public key which corresponds to the private key which<br>
was used to create the signature, then it doesn&#39;t matter if the SSL<br>
certificate is faked. Even using non-SSL http would be fine.<br>
<br>
<a href="https://www.torproject.org/docs/verifying-signatures.html" target="_blank">https://www.torproject.org/docs/verifying-signatures. hhtml</a><br>
<br>
If the file, or the signature file you download are tampered with, doing<br>
this verification will alert you to that fact.<br>
<font color="#888888"><br>
--<br>
Mike Cardwell <a href="https://grepular.com/" target="_blank">https://grepular.com/</a>  <a href="https://twitter.com/mickeyc" target="_blank">https://twitter.com/mickeyc</a><br>
Professional  <a href="http://cardwellit.com/" target="_blank">http://cardwellit.com/</a> <a href="http://linkedin.com/in/mikecardwell" target="_blank">http://linkedin.com/in/mikecardwell</a><br>
<a href="http://PGP.mit.edu" target="_blank">PGP.mit.edu</a>   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F<br>
<br>
</font><br>_______________________________________________<br>
tor-talk mailing list<br>
<a href="mailto:tor-talk@lists.torproject.org">tor-talk@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><font face="arial, helvetica, sans-serif">Michael Gomboc</font><div><font face="arial, helvetica, sans-serif"><b><br></b>pgp-id: 0x5D41FDF8</font></div><br>

</div>