Browse code
verification: add TOC
traumschule authored on 26/08/2018 10:59:54
Showing 1 changed files
| ... | ... |
@@ -10,6 +10,18 @@ |
| 10 | 10 |
</div> |
| 11 | 11 |
<div id="maincol"> |
| 12 | 12 |
<h1>How to verify signatures for packages</h1> |
| 13 |
+ |
|
| 14 |
+<!-- START TOC --> |
|
| 15 |
+ <ol> |
|
| 16 |
+ <li><a href="#Why">What is a signature and why should I check it?</a></li> |
|
| 17 |
+ <li><a href="#Where">Where do I get the signatures and the keys that made them?</a></li> |
|
| 18 |
+ <li><a href="#Windows">Windows</a></li> |
|
| 19 |
+ <li><a href="#MacosLinux">Mac OS X and Linux</a></li> |
|
| 20 |
+ <li><a href="#BuildVerification">Verifying sha256sums (advanced)</a></li> |
|
| 21 |
+ <li><a href="#Scripts">Scripts</a></li> |
|
| 22 |
+ <li><a href="#MARVerification">Verifying MAR files we ship (advanced)</a></li> |
|
| 23 |
+ </ol> |
|
| 24 |
+<!-- END TOC --> |
|
| 13 | 25 |
<hr> |
| 14 | 26 |
|
| 15 | 27 |
<p>Digital signature is a process ensuring that a certain package was |
| ... | ... |
@@ -21,6 +33,7 @@ |
| 21 | 33 |
about how it works see <a href="https://en.wikipedia.org/wiki/Digital_signature"> |
| 22 | 34 |
https://en.wikipedia.org/wiki/Digital_signature</a>.</p> |
| 23 | 35 |
|
| 36 |
+ <a name="Why"></a> |
|
| 24 | 37 |
<h3>What is a signature and why should I check it?</h3> |
| 25 | 38 |
<hr> |
| 26 | 39 |
|
| ... | ... |
@@ -74,6 +87,7 @@ |
| 74 | 87 |
attacker. The better question to answer is: "Is this file that I |
| 75 | 88 |
just downloaded the file that Tor intended me to get?"</p> |
| 76 | 89 |
|
| 90 |
+ <a name="Where"></a> |
|
| 77 | 91 |
<h3>Where do I get the signatures and the keys that made them?</h3> |
| 78 | 92 |
<hr> |
| 79 | 93 |
<p>Each file on <a href="<page download/download>">our download |
| ... | ... |
@@ -92,6 +106,7 @@ |
| 92 | 106 |
signature you should not worry that the reported date may vary. |
| 93 | 107 |
</p> |
| 94 | 108 |
|
| 109 |
+ <a name="Windows"></a> |
|
| 95 | 110 |
<h3>Windows</h3> |
| 96 | 111 |
<hr> |
| 97 | 112 |
<p>First of all you need to have GnuPG installed before you can verify signatures. |
| ... | ... |
@@ -143,6 +158,7 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 143 | 158 |
exchange key fingerprints. |
| 144 | 159 |
</p> |
| 145 | 160 |
|
| 161 |
+ <a name="MacosLinux"></a> |
|
| 146 | 162 |
<h3>Mac OS X and Linux</h3> |
| 147 | 163 |
<hr> |
| 148 | 164 |
|
| ... | ... |
@@ -288,6 +304,7 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 288 | 304 |
build.</li> |
| 289 | 305 |
</ul> |
| 290 | 306 |
|
| 307 |
+ <a id="Scripts"></a> |
|
| 291 | 308 |
<p><a href="https://github.com/isislovecruft/scripts/blob/master/verify-gitian-builder-signatures">Scripts</a> |
| 292 | 309 |
to <a href="https://tor.stackexchange.com/questions/648/how-to-verify-tor-browser-bundle-tbb-3-x">automate</a> |
| 293 | 310 |
these steps have been written, but to use them you will need to modify |