Hi Everyone,
(moving this email from the support-team ML to tor-dev as Runa suggested.)
I am starting to work on a small GUI tool for file verification because I find guiding users through the verification process on Windows/Mac through the command line painful.
Tools in use: - Python 3.3 or 2.7 (still didn't decide yet). - PyQT - python-gnupg-0.3.5
I might also add a log window and a save log button to see what went wrong during the verification process.
Attached is a draft design of how the tool would look like.
On Mon, Sep 23, 2013 at 7:12 PM, Lunar lunar@torproject.org wrote:
How do you think users will be able to install such a tool on their system?
There won't be any installation required It's a single executable.
More importantly, how will they be able to ensure that it's not a tampered version?
I've thought about that and few things came to mind: - Include the executable inside TBB. - Host it somewhere and also provide a SHA-256 hash on a website or in a file.
But this is all an endless chain because lets say I download TBB, then download gpg to verify it but then how do I make sure that gpg it self wasn't tampered with? (assuming I don't have it installed already.)
Any help or suggestions would be much appreciated.
Thanks.