Hi Everyone,

(moving this email from the support-team ML to tor-dev as Runa suggested.)

I am starting to work on a small GUI tool for file verification because I find guiding users through the verification process on Windows/Mac through the command line painful.

Tools in use:
- Python 3.3 or 2.7 (still didn't decide yet).
- PyQT
- python-gnupg-0.3.5

I might also add a log window and a save log button to see what went wrong during the verification process.

Attached is a draft design of how the tool would look like.

On Mon, Sep 23, 2013 at 7:12 PM, Lunar <lunar@torproject.org> wrote:
>How do you think users will be able to install such a tool on their
>system? 

There won't be any installation required It's a single executable.

>More importantly, how will they be able to ensure that it's
>not a tampered version?


I've thought about that and few things came to mind:
- Include the executable inside TBB.
- Host it somewhere and also provide a SHA-256 hash on a website or in a file.


But this is all an endless chain because lets say I download TBB, then download gpg to verify it but then how do I make sure that gpg it self wasn't tampered with? (assuming I don't have it installed already.)

Any help or suggestions would be much appreciated.

Thanks.

--
Sherief Alaa
pgp 0x8623B882