Verifying signatures

zzzjethro666 at email2me.net zzzjethro666 at email2me.net
Mon Mar 15 02:55:22 UTC 2010


 Thank you very much. I will try and walk through this slowly.

 


 

 

-----Original Message-----
From: Christian Fromme <kaner at strace.org>
To: or-talk at freehaven.net
Sent: Sun, Mar 14, 2010 8:13 pm
Subject: Re: Verifying signatures


Hi,

On Sun, Mar 14, 2010 at 1:41 PM,  <zzzjethro666 at email2me.net> wrote:

> At the Torproject site, the directions are as follows:
> I'll need someone's keys. Okay.
> Step one: Import the keys Right. From where exactly and how, exactly.
> Step two: Verify the fingerprints. Yeah? How exactly? I still have never
> been able to locate a file with .asc at the end of it. I am on Mac OS 10.5.2
> ppc. Where is it?
> Step three: Verify the download package. Right again. "If you're using
> GnuPG..." well, what if I'm not? I tried downloading that and installing it.
> It went okay but it either won't open, and then I couldn't find the download
> at all.  Kinda lost here.
> "use the following type of command"    exactly where do I use this so-called
> "following type of command?"
>
> For instance, under Step one: Import the keys is the following information:
> gpg --keyserver subkeys.pgp.net --recv-keys 0x28988BF5                What
> exactly is this?
> Is it an address?

Disclaimer: I'm not familiar with the MacOSX operating system very
much, but this could be a start:

First of all, you need to install GnuPG of some sorts on your
Computer. Try this:

http://macgpg.sourceforge.net/index.html

If you got that downloaded and installed, you need to fire up a
command shell. Thats a little window into which you can type commands.
Try this address for help:

http://aplawrence.com/MacOSX/macosxshell.html

In that command shell you should be able to execute the "gpg" command
after a successfull install. Try this:

gpg --version

It should give you an output similar to:

gpg (GnuPG) 1.4.10
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

If this was successfull, GnuPG is actually installed on your computer,
yay! Now you will need to import the keys like so on the command
shell:

gpg --keyserver subkeys.pgp.net --recv-keys 0x28988BF5

This command will look for the key with the id "0x28988BF5" on server
"subkeys.pgp.net" and download it for you.

After that step is done, locate your package and .asc file, and verify
the package on the command shell:

gpg --verify PACKAGENAME.asc PACKAGENAME

Where PACKAGENAME should be the name of the package you downloaded.

Done.

Hope this helps,
Best,
C
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20100314/72457baa/attachment.htm>


More information about the tor-talk mailing list