How can I verify signed files like Tor Installer with additional sig file?
Hi,
I'm missing one very important "how to". Maybe it is buried somewhere and cannot find it...
I want to use GPG Tools just to verify the signature of a downloaded .dmg installer.
For example the Tor installer is signed only with PGP, unfortunately for me no checksum.
Anyone to give me a link please? Thanx
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Steve on 20 Nov, 2019 01:50 PM
Hi 0J,
welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.
This KB-article explains how to verify signed files.
Let me know if you have more questions or need further assistance after going through that KB.
All the best,
Steve
2 Posted by 0J on 20 Nov, 2019 05:58 PM
Hello Steve,
thank you very much for help!
Steve closed this discussion on 20 Nov, 2019 06:00 PM.
OJ re-opened this discussion on 21 Nov, 2019 09:47 AM
3 Posted by OJ on 21 Nov, 2019 09:47 AM
Hello Steve,
something is wrong, maybe I'm wrong :-)
I tried to paste from clipboard the PGP Signature
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEdYzJWMKIiDwvgTtNGUkNSIx2SxAFAl3ARWwACgkQGUkNSIx2
SxAJ2RAAmlhykI0fKyw7WJXFvrIDQA6cvqfXd4Q62HClW+PWXccDJDsq+QXX1IUw
Nho0rm94ya+6JeMZhEMyY1I0kSmIH0sAzXGqSxrcyFlNzlX2zkD9BuaI9sDpKvX5
a317rbviLeJ2cC9rbo/zl6pS3ElreYLUvA2KOEHXvZKMg7AXIyRx5qc2LtC/4rOU
sB7sP5StefdVHXWkhpfD6AJEfNoYBRDKb/BaiZny4v8AJ+mTz2ywiA7omwOM9hBc
Y66axTvviWAuT/fy7OMgmnsz725wXBlg7CZvIvJG9hy4euozDD3How+kty+pk+JF
vwjkzQ5n7NWmSGCBr1QPxhgRWNpy8ZSCLLsgeknhXgCH6AqUKKuyhUPc381ckYrz
JoImHKfW6sBrW7rZkWYs3GYmi4kN55QKk9wX/KkGMp3E8mY/+5CltIe/HtapoyH6
/HU5w4F8s5v+sF/F4erz09nAgCMiE03E46430yCIT/RZ24d+teHWRLsuwAKIxlr7 4zm62xxMwQIXRXFO38aKsSa7Jr1Z0snSGp68rDns0I+GgjUTW3tQL4kN7SiIcTKi
bc782EzJMRMdEcVKA1G2pVIRLgBS5SvdculObz+cLoHADoEihS6wYbKF1sRlI56e
8r4BFr6yz96CfI54124lvu/YWf9JFAYDt3J+X9zfSx9BM8U/5i8=
=KLK6 -----END PGP SIGNATURE-----
and get the answer that this is not a signature and the same message from a .txt file I created..
Some more help please?
Support Staff 4 Posted by Steve on 21 Nov, 2019 10:30 PM
Can you please list the steps you took to create the signature and then the steps you took to verify.
5 Posted by OJ on 22 Nov, 2019 08:37 AM
Hello Steve,
First I have to mention that this is not an installer file signature, it is a canary signature.
I copied the signature and pasted in to the PGP app window - the answer was Not an valid signature.
I created an .txt file with the content of the signature and pulled the closed file into the PGP app window. Same answer as in step 1.
Thank you
Support Staff 6 Posted by Steve on 22 Nov, 2019 09:20 AM
Can you link to the age with the canary signature so we can try to reproduce why the verification is not working for you.
And please also attach the txt file you created again so that we can reproduce the issue and see what is going wrong.
7 Posted by OJ on 22 Nov, 2019 11:45 AM
here is the link: https://api.azirevpn.com/v1/warrantcanary and attached the txt file.
Thank you for support Steve
Support Staff 8 Posted by Steve on 22 Nov, 2019 02:26 PM
We tried to verify the signature of the link you sent and were able to do so.
For the verification to be successful keep in mind that you need to have the public key first. So search for the fingerprint they give and after downloading the public key please retry.
Also you may want to ask that company to upload and verify theri public key to keys.openpgp.org
Best,
Steve
9 Posted by OJ on 22 Nov, 2019 03:25 PM
Here is my result.
Support Staff 10 Posted by Steve on 22 Nov, 2019 08:43 PM
Importing the signature into GPG Keychain won't work as that is the key manager.
Please
11 Posted by OJ on 22 Nov, 2019 09:35 PM
Thank you Steve,
and please remove the second printscreen.... !!!
OJ
Support Staff 12 Posted by Steve on 22 Nov, 2019 09:43 PM
Glad this is solved for you. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best,
Steve
Steve closed this discussion on 22 Nov, 2019 09:43 PM.