[tor-talk] How to verify the authenticity of the Torbutton xpi file

2011-09-23 Thread Michael Gomboc
Hi, Is there a way to verify the authenticity of the downloaded Torbutton xpi file and if not, wouldn't it be important to have this option? Thanks a lot! -- Michael Gomboc pgp-id: 0x5D41FDF8

Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file

2011-09-23 Thread Fabio Pietrosanti (naif)
On 9/23/11 3:15 PM, Michael Gomboc wrote:
> Hi,
>
> Is there a way to verify the authenticity of the downloaded Torbutton
> xpi file and if not, wouldn't it be important to have this option?+
Skip the TorButton and use the more safe TorBrowser Bundle: https://www.torproject.org/projects/torbrows

Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file

2011-09-23 Thread Andrew Lewman
On Friday, September 23, 2011 09:15:38 Michael Gomboc wrote:
> Hi,
>
> Is there a way to verify the authenticity of the downloaded Torbutton xpi
> file and if not, wouldn't it be important to have this option?
Download the torbutton.xpi.asc and check the signature. See https://www.torproject.org/

Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file

2011-09-23 Thread Michael Gomboc
Thanks Andrew. But when the SSL certificate is faked
2011/9/23 Andrew Lewman
> On Friday, September 23, 2011 09:15:38 Michael Gomboc wrote:
> > Hi,
> >
> > Is there a way to verify the authenticity of the downloaded Torbutton xpi
> > file and if not, wouldn't it be important to have this o

Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file

2011-09-23 Thread tor
On 23/09/11 15:10, Michael Gomboc wrote:
> Thanks Andrew. But when the SSL certificate is faked
If you have the public key which corresponds to the private key which was used to create the signature, then it doesn't matter if the SSL certificate is faked. Even using non-SSL http would be fine

Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file

2011-09-23 Thread tagnaq
https://trac.torproject.org/projects/tor/ticket/4090

Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file

2011-09-23 Thread Michael Gomboc
OK, I guess I know too little about PGP. So, if someone does not have the private key, they cannot provide the right signature. So even if you download the signature and the file from a fake page, you would notice by checking the authenticity. Is that right? Thanks again. :-)
2011/9/23
> On 23/09

Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file

2011-09-24 Thread tor
On 23/09/11 16:28, Michael Gomboc wrote:
> OK, I guess I know too little about PGP. So, if someone does not have the
> private key, they cannot provide the right signature. So even if you
> download the signature and the file from a fake page, you would notice
> by checking the authenticity. Is that

Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file

2011-09-25 Thread Jim
t...@lists.grepular.com wrote:
On 23/09/11 16:28, Michael Gomboc wrote:
OK, I guess I know too little about PGP. So, if someone does not have the private key, they cannot provide the right signature. So even if you download the signature and the file from a fake page, you would notice by checking