Verifying a message with PGP #

Verifying messages is commonly used to check the authenticity of market links. Markets publish signed messages containing links to their market. If you have the market’s public key you can use it to verify that the message was created by the market and that the links are legitimate.

Markets, vendors and moderators will sometimes sign announcements or warnings. You can also use this to verify those.

Tails

Before you can verify the PGP signed message, you need to import the public key of the user that signed the message. So see where it is listed (e.g. on the vendor’s profile on the market, or on the market’s subdread) and then import it.

Copy the PGP signed message, it looks something like this:

After you have copied it, click on the clipboard icon at the top taskbar and select “Decrypt/Verify Clipboard”.

A new window should pop up which contains “Good signature from ” at the bottom, if the signature was correct.

Whonix

Before you can verify the PGP signed message, you need to import the public key of the user that signed the message. So see where it is listed (e.g. on the vendor’s profile on the market, or on the market’s subdread) and then import it.

Copy the PGP signed message, it looks something like this:

After you have copied it, open a new editor window, paste the signed message into it and click on the “Sign/Verify” button. A new window should pop up which contains “Good signature from ”, if the signature was correct.