[tor-talk] How to verify the authenticity of the Torbutton xpi file
tor at lists.grepular.com
tor at lists.grepular.com
Sat Sep 24 10:07:05 UTC 2011
On 23/09/11 16:28, Michael Gomboc wrote:
> OK, I guess I know too less about PGP. So, if someone does not have the
> private key, they cannot provide the right signature. So even if you
> download the signature and the file from a fake page, you would notice
> by checking the authenticity. Is that right?
That is correct. For example, I have signed this email with my private
pgp key. I am the only person with access to that private key. The
corresponding public key is available on the Internet for anyone to
download, in several places. Anyone who has my public key can verify
that this email was signed by me, and that it hasn't been tampered with.
This is the same process used to sign Tor.
--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110924/d633716b/attachment.pgp>
More information about the tor-talk
mailing list