User Tools

Site Tools


docu:csheet:ofsec:priv:verify_gpg

This is an old revision of the document!


Verify files with GPG signatures (example: TorBrowser)


This little snippet helps you understand the commands you need, to understand the basics of verifying files with their GPG signatures (.asc)

# download the keys from key-server (command can be different)
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
 
# export the keyring given the public key (in this case: EF6E286DDA85EA2A4BA7DE684E2C6E879328290)
gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E879328290
 
# verify the xz file against the corresponding xz.asc signature file
gpgv --keyring ./tor.keyring tor-browser-linux64-9.0.6_en-US.tar.xz{.asc,}
docu/csheet/ofsec/priv/verify_gpg.1584056604.txt.gz · Last modified: 2020/03/12 23:43 by admin