[tor-talk] How to verify the authenticity of the Torbutton xpi file
tor at lists.grepular.com
tor at lists.grepular.com
Fri Sep 23 14:20:15 UTC 2011
On 23/09/11 15:10, Michael Gomboc wrote:
> Thanks Andrew. But when the SSL certificate is faked....
If you have the public key which corresponds to the private key which
was used to create the signature, then it doesn't matter if the SSL
certificate is faked. Even using non-SSL http would be fine.
https://www.torproject.org/docs/verifying-signatures.html
If the file, or the signature file you download are tampered with, doing
this verification will alert you to that fact.
--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110923/900fcb8e/attachment.pgp>
More information about the tor-talk
mailing list