git.schokokeks.org
Repositories
Help
Report an Issue
tor-webwml.git
Code
Commits
Branches
Tags
Suche
Strukturansicht:
c18f0dd52
Branches
Tags
bridges
docs-debian
jobs
master
press-clips
tor-webwml.git
branches
original_web
templates
2-medium.verifying-signatures.pot
Added 19 FAQ entries
Matt Pagan
commited
c18f0dd52
at 2013-08-26 04:06:05
2-medium.verifying-signatures.pot
Blame
History
Raw
# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR The Tor Project, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2009-08-15 13:29+0300\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Content of: <div><h2> #: /home/runa/tor/website/en/verifying-signatures.wml:9 msgid "How to verify signatures for packages" msgstr "" #. type: Content of: <div> #: /home/runa/tor/website/en/verifying-signatures.wml:10 #: /tmp/hKubeOaOvj.xml:33 /tmp/hKubeOaOvj.xml:45 /tmp/hKubeOaOvj.xml:92 msgid "<hr />" msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:12 msgid "" "Each file on <a href=\"<page download>\">our download page</a> is " "accompanied by a file with the same name as the package and the extension \"." "asc\". For example, the current Installation Bundle for Windows: <package-" "win32-bundle-stable-sig>." msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:17 msgid "" "These .asc files are PGP signatures. They allow you to verify the file " "you've downloaded is exactly the one that we intended you to get." msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:20 msgid "" "Of course, you'll need to have our pgp keys in your keyring: if you don't " "know the pgp key, you can't be sure that it was really us who signed it. The " "signing keys we use are:" msgstr "" #. type: Content of: <div><ul><li> #: /home/runa/tor/website/en/verifying-signatures.wml:24 msgid "Roger's (0x28988BF5) typically signs the source code file." msgstr "" #. type: Content of: <div><ul><li> #: /home/runa/tor/website/en/verifying-signatures.wml:25 msgid "Nick's (0x165733EA, or its subkey 0x8D29319A)" msgstr "" #. type: Content of: <div><ul><li> #: /home/runa/tor/website/en/verifying-signatures.wml:26 msgid "Andrew's (0x31B0974B)" msgstr "" #. type: Content of: <div><ul><li> #: /home/runa/tor/website/en/verifying-signatures.wml:27 msgid "Peter's (0x94C09C7F, or its subkey 0xAFA44BDD)" msgstr "" #. type: Content of: <div><ul><li> #: /home/runa/tor/website/en/verifying-signatures.wml:28 msgid "Matt's (0x5FA14861)" msgstr "" #. type: Content of: <div><ul><li> #: /home/runa/tor/website/en/verifying-signatures.wml:29 msgid "Jacob's (0x9D0FACE4)" msgstr "" #. type: Content of: <div><h3> #: /home/runa/tor/website/en/verifying-signatures.wml:32 msgid "Step One: Import the keys" msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:34 msgid "You can import keys directly from GnuPG as well:" msgstr "" #. type: Content of: <div><pre> #: /home/runa/tor/website/en/verifying-signatures.wml:36 #, no-wrap msgid "gpg --keyserver subkeys.pgp.net --recv-keys 0x28988BF5" msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:38 msgid "or search for keys with" msgstr "" #. type: Content of: <div><pre> #: /home/runa/tor/website/en/verifying-signatures.wml:40 #, no-wrap msgid "gpg --keyserver subkeys.pgp.net --search-keys 0x28988BF5" msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:42 msgid "and when you select one, it will be added to your keyring." msgstr "" #. type: Content of: <div><h3> #: /home/runa/tor/website/en/verifying-signatures.wml:44 msgid "Step Two: Verify the fingerprints" msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:46 msgid "Verify the pgp fingerprints using:" msgstr "" #. type: Content of: <div><pre> #: /home/runa/tor/website/en/verifying-signatures.wml:47 #, no-wrap msgid "gpg --fingerprint (insert keyid here)" msgstr "" #. type: Content of: <div> #: /home/runa/tor/website/en/verifying-signatures.wml:48 msgid "The fingerprints for the keys should be:" msgstr "" #. type: Content of: <div><pre> #: /home/runa/tor/website/en/verifying-signatures.wml:51 #, no-wrap msgid "" "pub 1024D/28988BF5 2000-02-27\n" " Key fingerprint = B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5\n" "uid Roger Dingledine <arma@mit.edu>\n" "\n" "pub 3072R/165733EA 2004-07-03\n" " Key fingerprint = B35B F85B F194 89D0 4E28 C33C 2119 4EBB 1657 33EA\n" "uid Nick Mathewson <nickm@alum.mit.edu>\n" "uid Nick Mathewson <nickm@wangafu.net>\n" "uid Nick Mathewson <nickm@freehaven.net>\n" "\n" "pub 1024D/31B0974B 2003-07-17\n" " Key fingerprint = 0295 9AA7 190A B9E9 027E 0736 3B9D 093F 31B0 974B\n" "uid Andrew Lewman (phobos) <phobos@rootme.org>\n" "uid Andrew Lewman <andrew@lewman.com>\n" "uid Andrew Lewman <andrew@torproject.org>\n" "sub 4096g/B77F95F7 2003-07-17\n" "\n" "pub 1024D/94C09C7F 1999-11-10\n" " Key fingerprint = 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F\n" "uid Peter Palfrader\n" "uid Peter Palfrader <peter@palfrader.org>\n" "uid Peter Palfrader <weasel@debian.org>\n" "\n" "pub 1024D/5FA14861 2005-08-17\n" " Key fingerprint = 9467 294A 9985 3C9C 65CB 141D AF7E 0E43 5FA1 4861\n" "uid Matt Edman <edmanm@rpi.edu>\n" "uid Matt Edman <Matt_Edman@baylor.edu>\n" "uid Matt Edman <edmanm2@cs.rpi.edu>\n" "sub 4096g/EA654E59 2005-08-17\n" "\n" "pub 1024D/9D0FACE4 2008-03-11 [expires: 2010-03-11]\n" " Key fingerprint = 12E4 04FF D3C9 31F9 3405 2D06 B884 1A91 9D0F ACE4\n" "uid Jacob Appelbaum <jacob@appelbaum.net>\n" "sub 4096g/D5E87583 2008-03-11 [expires: 2010-03-11]\n" msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:87 msgid "" "(Of course if you want to be really certain that those are the real ones " "then you should check this from more places or even better get into key " "signing and build a trust path to those keys.)" msgstr "" #. type: Content of: <div><h3> #: /home/runa/tor/website/en/verifying-signatures.wml:91 msgid "Step Three: Verify the downloaded package" msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:93 msgid "" "If you're using GnuPG, then put the .asc and the download in the same " "directory and type \"gpg --verify (whatever).asc (whatever)\". It will say " "something like \"Good signature\" or \"BAD signature\" using the following " "type of command:" msgstr "" #. type: Content of: <div><pre> #: /home/runa/tor/website/en/verifying-signatures.wml:99 #, no-wrap msgid "" "gpg --verify tor-0.1.0.17.tar.gz.asc tor-0.1.0.17.tar.gz\n" "gpg: Signature made Wed Feb 23 01:33:29 2005 EST using DSA key ID 28988BF5\n" "gpg: Good signature from \"Roger Dingledine <arma@mit.edu>\"\n" "gpg: aka \"Roger Dingledine <arma@mit.edu>\"\n" "gpg: WARNING: This key is not certified with a trusted signature!\n" "gpg: There is no indication that the signature belongs to the owner.\n" "Primary key fingerprint: B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5\n" msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:109 msgid "" "Notice that there is a warning because you haven't assigned a trust index to " "this user. This means that your program verified the key made that " "signature. It's up to the user to decide if that key really belongs to the " "developers. The best method is to meet them in person and exchange gpg " "fingerprints. Keys can also be signed. If you look up Roger or Nick's keys, " "other people have essentially said \"we have verified this is Roger/Nick\". " "So if you trust that third party, then you have a level of trust for that " "arma/nick." msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:118 msgid "All this means is you can ignore the message or assign a trust level." msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:120 msgid "" "For your reference, this is an example of a <em>BAD</em> verification. It " "means that the signature and file contents do not match:" msgstr "" #. type: Content of: <div><pre> #: /home/runa/tor/website/en/verifying-signatures.wml:124 #, no-wrap msgid "" "gpg --verify tor-0.1.0.17.tar.gz.asc\n" "gpg: Signature made Wed Feb 23 01:33:29 2005 EST using DSA key ID 28988BF5\n" "gpg: BAD signature from \"Roger Dingledine <arma@mit.edu>\"\n" msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:129 msgid "" "If you see a message like the above one, then you should not trust the file " "contents." msgstr "" #. type: Content of: <div><p> #: /home/runa/tor/website/en/verifying-signatures.wml:131 msgid "" "If you are running Tor on Debian you should read the instructions on <a href=" "\"<page docs/debian>#packages\">importing these keys to apt</a>." msgstr ""