[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Verifying signatures


On Sun, Mar 14, 2010 at 1:41 PM,  <zzzjethro666@xxxxxxxxxxxx> wrote:

> At the Torproject site, the directions are as follows:
> I'll need someone's keys. Okay.
> Step one: Import the keys Right. From where exactly and how, exactly.
> Step two: Verify the fingerprints. Yeah? How exactly? I still have never
> been able to locate a file with .asc at the end of it. I am on Mac OS 10.5.2
> ppc. Where is it?
> Step three: Verify the download package. Right again. "If you're using
> GnuPG..." well, what if I'm not? I tried downloading that and installing it.
> It went okay but it either won't open, and then I couldn't find the download
> at all.  Kinda lost here.
> "use the following type of command"    exactly where do I use this so-called
> "following type of command?"
> For instance, under Step one: Import the keys is the following information:
> gpg --keyserver subkeys.pgp.net --recv-keys 0x28988BF5                What
> exactly is this?
> Is it an address?

Disclaimer: I'm not familiar with the MacOSX operating system very
much, but this could be a start:

First of all, you need to install GnuPG of some sorts on your
Computer. Try this:


If you got that downloaded and installed, you need to fire up a
command shell. Thats a little window into which you can type commands.
Try this address for help:


In that command shell you should be able to execute the "gpg" command
after a successfull install. Try this:

gpg --version

It should give you an output similar to:

gpg (GnuPG) 1.4.10
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

If this was successfull, GnuPG is actually installed on your computer,
yay! Now you will need to import the keys like so on the command

gpg --keyserver subkeys.pgp.net --recv-keys 0x28988BF5

This command will look for the key with the id "0x28988BF5" on server
"subkeys.pgp.net" and download it for you.

After that step is done, locate your package and .asc file, and verify
the package on the command shell:


Where PACKAGENAME should be the name of the package you downloaded.


Hope this helps,
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/