[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Verifying signatures



Hello.

I've just gone through the or-talk archives from August 2004 to the present, March 2010 and I cannot see anymore. I found a couple of  threads on verifying signatures. One led back to the Torproject web page and leaves me lost again. The other involved using something called ASDF-Install. I am not familiar with this.

I've asked this question before but will try one more time. I think I really should know how to do this but nothing tells or shows me how. I really need someone to walk me through this, if someone will. If I cannot get this then I will have to stop using Tor, at least because it seems imperative to know what package I have is authentic.

At the Torproject site, the directions are as follows:
I'll need someone's keys. Okay.
Step one: Import the keys Right. From where exactly and how, exactly.
Step two: Verify the fingerprints. Yeah? How exactly? I still have never been able to locate a file with .asc at the end of it. I am on Mac OS 10.5.2 ppc. Where is it?
Step three: Verify the download package. Right again. "If you're using GnuPG..." well, what if I'm not? I tried downloading that and installing it. It went okay but it either won't open, and then I couldn't find the download at all.  Kinda lost here.
"use the following type of command"    exactly where do I use this so-called "following type of command?"

For instance, under Step one: Import the keys is the following information:
gpg --keyserver subkeys.pgp.net --recv-keys 0x28988BF5                What exactly is this?
Is it an address?
Help please!