==== Verify files with GPG signatures (example: TorBrowser) ====

\\
This little snippet helps you understand the basics of verifying files with their GPG signatures (.asc)
<code bash>
# download the keys from key-server (command can be different)
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

# export the keyring given the public key (in this case: EF6E286DDA85EA2A4BA7DE684E2C6E879328290)
gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E879328290

# verify the xz file against the corresponding xz.asc signature file
gpgv --keyring ./tor.keyring tor-browser-linux64-9.0.6_en-US.tar.xz{.asc,}
</code>