
Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file

On 23/09/11 16:28, Michael Gomboc wrote:

> OK, I guess I know too little about PGP. So, if someone does not have the
> private key, they cannot provide the right signature. So even if you
> download the signature and the file from a fake page, you would notice
> by checking the authenticity. Is that right?

That is correct. For example, I have signed this email with my private
PGP key. I am the only person with access to that private key. The
corresponding public key is available on the Internet for anyone to
download, in several places. Anyone who has my public key can verify
that this email was signed by me, and that it hasn't been tampered with.
This is the same process used to sign Tor.

Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list
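
The check discussed in this thread, as an added example that is not part of the original email or of Tor's tooling: textbook RSA over a SHA-256 digest stands in for OpenPGP, and the keys, file contents and function names are constructed for illustration (the keys are far too small for real use). It also covers the case where the verifier's copy of the public key came from the same fake page as the file.

```python
import hashlib

E = 65537  # public exponent shared by both constructed keys


def make_key(p, q):
    """Build (public, private) = ((n, e), (n, d)) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)


def digest(data, n):
    """SHA-256 of the data as an integer, reduced into the key's range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    n, d = private
    return pow(digest(data, n), d, n)


def verify(public, data, signature):
    n, e = public
    return 0 <= signature < n and pow(signature, e, n) == digest(data, n)


# Constructed keys built from known Mersenne primes (illustration only).
SIGNER_PUB, SIGNER_PRIV = make_key(2**127 - 1, 2**89 - 1)
ATTACKER_PUB, ATTACKER_PRIV = make_key(2**107 - 1, 2**61 - 1)


def scenarios():
    genuine = b"constructed sample: genuine torbutton.xpi bytes"
    fake = b"constructed sample: modified torbutton.xpi bytes"
    genuine_sig = sign(SIGNER_PRIV, genuine)
    fake_sig = sign(ATTACKER_PRIV, fake)  # fake page signs with its own key
    return {
        "genuine file, genuine sig": verify(SIGNER_PUB, genuine, genuine_sig),
        "fake file, genuine sig": verify(SIGNER_PUB, fake, genuine_sig),
        "fake file, fake sig": verify(SIGNER_PUB, fake, fake_sig),
        # Public key also taken from the fake page: the check passes.
        "fake file, fake sig, fake key": verify(ATTACKER_PUB, fake, fake_sig),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'good signature' if ok else 'BAD signature'}")
```

The last scenario is why the signer's public key has to be obtained and checked through a channel independent of the download page, for example by comparing its fingerprint against one published elsewhere.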