User Tools

Site Tools


docu:csheet:ofsec:priv:verify_gpg

Verify files with GPG signatures (example: TorBrowser)


This little snippet helps you understand the basics of verifying files with their GPG signatures (.asc)

# download the keys from key-server (command can be different)
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
 
# export the keyring given the public key (in this case: EF6E286DDA85EA2A4BA7DE684E2C6E879328290)
gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E879328290
 
# verify the xz file against the corresponding xz.asc signature file
gpgv --keyring ./tor.keyring tor-browser-linux64-9.0.6_en-US.tar.xz{.asc,}
docu/csheet/ofsec/priv/verify_gpg.txt · Last modified: 2020/03/12 23:43 by admin