Matt Pagan commited on 2013-11-05 23:20:17
Zeige 1 geänderte Dateien mit 14 Einfügungen und 32 Löschungen.
- docs/en/verifying-signatures.wml 2629ff3f3..30c501a70
| ... | ... |
@@ -48,43 +48,31 @@ |
| 48 | 48 |
|
| 49 | 49 |
<h3>Where do I get the signatures and the keys that made them?</h3> |
| 50 | 50 |
<hr> |
| 51 |
- |
|
| 52 |
- <p>Each file on <a href="<page download/download>">our download |
|
| 51 |
+ <p>Each file on <a href="/web/20130929222100/https://www.torproject.org/download/download.html.en">our download |
|
| 53 | 52 |
page</a> is accompanied by a file with the same name as the |
| 54 | 53 |
package and the extension ".asc". These .asc files are GPG |
| 55 | 54 |
signatures. They allow you to verify the file you've downloaded |
| 56 | 55 |
is exactly the one that we intended you to get. For example, |
| 57 |
- tor-browser-<version-torbrowserbundle>_en-US.exe is accompanied by |
|
| 58 |
- tor-browser-<version-torbrowserbundle>_en-US.exe.asc. For a list |
|
| 59 |
- of which developer signs which package, see our <a href="<page |
|
| 60 |
- docs/signing-keys>">signing keys</a> page.</p> |
|
| 61 |
- |
|
| 62 |
- <img alt="Download the bundle and the signature" src="../../images/download-tbb-sig.jpg" width="746" height="397"> |
|
| 63 |
- |
|
| 64 |
- <br /> |
|
| 56 |
+ tor-browser-2.3.25-13_en-US.exe is accompanied by |
|
| 57 |
+ tor-browser-2.3.25-13_en-US.exe.asc. For a list |
|
| 58 |
+ of which developer signs which package, see our <a href="/web/20130929222100/https://www.torproject.org/docs/signing-keys.html.en">signing keys</a> page.</p> |
|
| 65 | 59 |
<h3>Windows</h3> |
| 66 | 60 |
<hr> |
| 67 |
- |
|
| 68 | 61 |
<p>You need to have GnuPG installed before |
| 69 | 62 |
you can verify signatures. Download it from <a |
| 70 |
- href="http://gpg4win.org/download.html">http://gpg4win.org/download.html</a>.</p> |
|
| 71 |
- |
|
| 63 |
+ href="/web/20130929222100/http://gpg4win.org/download.html">http://gpg4win.org/download.html</a>.</p> |
|
| 72 | 64 |
<p>Once it's installed, use GnuPG to import the key that signed your |
| 73 | 65 |
package. Since GnuPG for Windows is a command-line tool, you will need |
| 74 |
- to use <i>cmd.exe</i>.<br></br> |
|
| 75 |
- |
|
| 76 |
- <img alt="cmd.exe" src="../../images/cmd.jpg" width="405" height="512"> |
|
| 77 |
- |
|
| 66 |
+ to use <i>cmd.exe</i>. Unless you edit your PATH environment variable, |
|
| 67 |
+ you will need to tell Windows the full path to the GnuPG program. If |
|
| 68 |
+ you installed GnuPG with the default values, the path should be |
|
| 69 |
+ something like this: <i>C:\Program Files\Gnu\GnuPg\gpg.exe</i>.</p> |
|
| 78 | 70 |
<p>Erinn Clark signs the Tor Browser Bundles. Import her key |
| 79 |
- (0x63FEE659) by starting <i>cmd.exe</i> and typing:</p> |
|
| 80 |
- |
|
| 81 |
- <pre>gpg --keyserver hkp://keys.gnupg.net --recv-keys 0x63FEE659</pre> |
|
| 82 |
- |
|
| 83 |
- <p><strong>Note that Windows 8 users may need to type gpg2 rather than gpg.</strong> <br />After importing the key, you can verify that the fingerprint |
|
| 71 |
+ (0x416F061063FEE659) by starting <i>cmd.exe</i> and typing:</p> |
|
| 72 |
+ <pre>"C:\Program Files\Gnu\GnuPg\gpg.exe" --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 0x416F061063FEE659</pre> |
|
| 73 |
+ <p>After importing the key, you can verify that the fingerprint |
|
| 84 | 74 |
is correct:</p> |
| 85 |
- |
|
| 86 |
- <pre>gpg --fingerprint 0x63FEE659</pre> |
|
| 87 |
- |
|
| 75 |
+ <pre>"C:\Program Files\Gnu\GnuPg\gpg.exe" --fingerprint 0x416F061063FEE659</pre> |
|
| 88 | 76 |
<p>You should see:</p> |
| 89 | 77 |
<pre> |
| 90 | 78 |
pub 2048R/63FEE659 2003-10-16 |
| ... | ... |
@@ -98,12 +85,8 @@ |
| 98 | 85 |
<p>To verify the signature of the package you downloaded, you will need |
| 99 | 86 |
to download the ".asc" file as well. Assuming you downloaded the |
| 100 | 87 |
package and its signature to your Desktop, run:</p> |
| 101 |
- |
|
| 102 |
- <pre>cd Desktop</pre> |
|
| 103 |
- <pre>gpg --verify tor-browser-< VERSION NUMBER >_en-US.exe.asc tor-browser-< VERSION NUMBER >_en-US.exe</pre> |
|
| 104 |
- |
|
| 88 |
+ <pre>"C:\Program Files\Gnu\GnuPg\gpg.exe" --verify C:\Users\Alice\Desktop\tor-browser-2.3.25-13_en-US.exe.asc C:\Users\Alice\Desktop\tor-browser-2.3.25-13_en-US.exe</pre> |
|
| 105 | 89 |
<p>The output should say "Good signature": </p> |
| 106 |
- |
|
| 107 | 90 |
<pre> |
| 108 | 91 |
gpg: Signature made Wed 31 Aug 2011 06:37:01 PM EDT using RSA key ID 63FEE659 |
| 109 | 92 |
gpg: Good signature from "Erinn Clark <erinn@torproject.org>" |
| ... | ... |
@@ -121,8 +103,6 @@ |
| 121 | 103 |
to the developer. The best method is to meet the developer in person and |
| 122 | 104 |
exchange key fingerprints. |
| 123 | 105 |
</p> |
| 124 |
- <img alt="Verify the signature" src="../../images/verify-bundle.png" width="769" height="454"> |
|
| 125 |
- <br /> |
|
| 126 | 106 |
<h3>Mac OS X</h3> |
| 127 | 107 |
<hr> |
| 128 | 108 |
|
| 129 | 109 |