Matt Pagan commited on 2013-11-05 23:20:17
Zeige 1 geänderte Dateien mit 14 Einfügungen und 32 Löschungen.
... | ... |
@@ -48,43 +48,31 @@ |
48 | 48 |
|
49 | 49 |
<h3>Where do I get the signatures and the keys that made them?</h3> |
50 | 50 |
<hr> |
51 |
- |
|
52 |
- <p>Each file on <a href="<page download/download>">our download |
|
51 |
+ <p>Each file on <a href="/web/20130929222100/https://www.torproject.org/download/download.html.en">our download |
|
53 | 52 |
page</a> is accompanied by a file with the same name as the |
54 | 53 |
package and the extension ".asc". These .asc files are GPG |
55 | 54 |
signatures. They allow you to verify the file you've downloaded |
56 | 55 |
is exactly the one that we intended you to get. For example, |
57 |
- tor-browser-<version-torbrowserbundle>_en-US.exe is accompanied by |
|
58 |
- tor-browser-<version-torbrowserbundle>_en-US.exe.asc. For a list |
|
59 |
- of which developer signs which package, see our <a href="<page |
|
60 |
- docs/signing-keys>">signing keys</a> page.</p> |
|
61 |
- |
|
62 |
- <img alt="Download the bundle and the signature" src="../../images/download-tbb-sig.jpg" width="746" height="397"> |
|
63 |
- |
|
64 |
- <br /> |
|
56 |
+ tor-browser-2.3.25-13_en-US.exe is accompanied by |
|
57 |
+ tor-browser-2.3.25-13_en-US.exe.asc. For a list |
|
58 |
+ of which developer signs which package, see our <a href="/web/20130929222100/https://www.torproject.org/docs/signing-keys.html.en">signing keys</a> page.</p> |
|
65 | 59 |
<h3>Windows</h3> |
66 | 60 |
<hr> |
67 |
- |
|
68 | 61 |
<p>You need to have GnuPG installed before |
69 | 62 |
you can verify signatures. Download it from <a |
70 |
- href="http://gpg4win.org/download.html">http://gpg4win.org/download.html</a>.</p> |
|
71 |
- |
|
63 |
+ href="/web/20130929222100/http://gpg4win.org/download.html">http://gpg4win.org/download.html</a>.</p> |
|
72 | 64 |
<p>Once it's installed, use GnuPG to import the key that signed your |
73 | 65 |
package. Since GnuPG for Windows is a command-line tool, you will need |
74 |
- to use <i>cmd.exe</i>.<br></br> |
|
75 |
- |
|
76 |
- <img alt="cmd.exe" src="../../images/cmd.jpg" width="405" height="512"> |
|
77 |
- |
|
66 |
+ to use <i>cmd.exe</i>. Unless you edit your PATH environment variable, |
|
67 |
+ you will need to tell Windows the full path to the GnuPG program. If |
|
68 |
+ you installed GnuPG with the default values, the path should be |
|
69 |
+ something like this: <i>C:\Program Files\Gnu\GnuPg\gpg.exe</i>.</p> |
|
78 | 70 |
<p>Erinn Clark signs the Tor Browser Bundles. Import her key |
79 |
- (0x63FEE659) by starting <i>cmd.exe</i> and typing:</p> |
|
80 |
- |
|
81 |
- <pre>gpg --keyserver hkp://keys.gnupg.net --recv-keys 0x63FEE659</pre> |
|
82 |
- |
|
83 |
- <p><strong>Note that Windows 8 users may need to type gpg2 rather than gpg.</strong> <br />After importing the key, you can verify that the fingerprint |
|
71 |
+ (0x416F061063FEE659) by starting <i>cmd.exe</i> and typing:</p> |
|
72 |
+ <pre>"C:\Program Files\Gnu\GnuPg\gpg.exe" --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 0x416F061063FEE659</pre> |
|
73 |
+ <p>After importing the key, you can verify that the fingerprint |
|
84 | 74 |
is correct:</p> |
85 |
- |
|
86 |
- <pre>gpg --fingerprint 0x63FEE659</pre> |
|
87 |
- |
|
75 |
+ <pre>"C:\Program Files\Gnu\GnuPg\gpg.exe" --fingerprint 0x416F061063FEE659</pre> |
|
88 | 76 |
<p>You should see:</p> |
89 | 77 |
<pre> |
90 | 78 |
pub 2048R/63FEE659 2003-10-16 |
... | ... |
@@ -98,12 +85,8 @@ |
98 | 85 |
<p>To verify the signature of the package you downloaded, you will need |
99 | 86 |
to download the ".asc" file as well. Assuming you downloaded the |
100 | 87 |
package and its signature to your Desktop, run:</p> |
101 |
- |
|
102 |
- <pre>cd Desktop</pre> |
|
103 |
- <pre>gpg --verify tor-browser-< VERSION NUMBER >_en-US.exe.asc tor-browser-< VERSION NUMBER >_en-US.exe</pre> |
|
104 |
- |
|
88 |
+ <pre>"C:\Program Files\Gnu\GnuPg\gpg.exe" --verify C:\Users\Alice\Desktop\tor-browser-2.3.25-13_en-US.exe.asc C:\Users\Alice\Desktop\tor-browser-2.3.25-13_en-US.exe</pre> |
|
105 | 89 |
<p>The output should say "Good signature": </p> |
106 |
- |
|
107 | 90 |
<pre> |
108 | 91 |
gpg: Signature made Wed 31 Aug 2011 06:37:01 PM EDT using RSA key ID 63FEE659 |
109 | 92 |
gpg: Good signature from "Erinn Clark <erinn@torproject.org>" |
... | ... |
@@ -121,8 +103,6 @@ |
121 | 103 |
to the developer. The best method is to meet the developer in person and |
122 | 104 |
exchange key fingerprints. |
123 | 105 |
</p> |
124 |
- <img alt="Verify the signature" src="../../images/verify-bundle.png" width="769" height="454"> |
|
125 |
- <br /> |
|
126 | 106 |
<h3>Mac OS X</h3> |
127 | 107 |
<hr> |
128 | 108 |
|
129 | 109 |