In terminal:
sudo apt-get install wget
wget https://ricochet.im/john-brooks.asc
gpg --import john-brooks.asc
Verify the fingerprint of the imported key:
gpg --fingerprint 183C045D
The output should be:
pub rsa2048/0xFF97C53F183C045D 2013-11-08 [SC] [expires: 2017-11-08]
Key fingerprint = 9032 CAE4 CBFA 933A 5A21 45D5 FF97 C53F 183C 045D
uid [ unknown] John Brooks
sub rsa2048/0xAF79FAB717EDC112 2013-11-08 [E] [expires: 2017-11-08]
Key fingerprint = F2B7 E0A2 9A31 99BE 197E 1263 AF79 FAB7 17ED C112
Now, you can verify the .asc with gpg:
cd into the folder where you downloaded the .tar and the .asc and:
gpg --verify ricochet.tar.asc
You should see: GOOD SIGNATURE
gpg: Signature made Sat 05 Nov 2016 03:22:52 AM CET
gpg: using RSA key 0xFF97C53F183C045D
gpg: Good signature from "John Brooks " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9032 CAE4 CBFA 933A 5A21 45D5 FF97 C53F 183C 045D
Now you can be sure your tar is immaculate so you can extract it and run
'ricochet' executable.
