[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file

On 23/09/11 15:10, Michael Gomboc wrote:

> Thanks Andrew. But when the SSL certificate is faked....

If you have the public key which corresponds to the private key which
was used to create the signature, then it doesn't matter if the SSL
certificate is faked. Even using non-SSL http would be fine.


If the file, or the signature file you download are tampered with, doing
this verification will alert you to that fact.

Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list