Table of Contents ================= - (1) Download and import GPG keys - (1.1) If (1) outputted an error - fix and prevent keyserver issues - (1.2) Re-run the recv-keys command if you had to fix your config - (1.3) Still having trouble downloading the keys with recv-keys? - (1.4) GPG recv-keys STILL won't work, no matter what you try? - (2) Verifying the signatures - (2.1) Download the signature files into the same folder as the PDF - (2.2) Verify the signatures against the PDF (1) Download and import GPG keys ==================================================================================================== Before you can verify the signatures against the document, you'll need to download and import the GPG public keys for the keypairs that were used to create the signatures. In the case of `tor-register.pdf`, the GPG keys used were: chris @ privex (DDB36F2B55284433), kale @ privex (BED8EFF89F1F7520), and privex support (288DD1632F6E8951). The best way to do this is using GPG's key downloading functionality. (`gpg --recv-keys`) # Download + import Privex Customer Support Shared Key (2021 to 2023) + Kale S. - Privex CTO + Chris / Someguy123 - Privex CEO gpg --recv-keys DDB36F2B55284433 BED8EFF89F1F7520 288DD1632F6E8951 # gpg: /home/john/.gnupg/trustdb.gpg: trustdb created # gpg: key 288DD1632F6E8951: public key "Privex Support (Shared key by Privex Inc. support team for Jan 2021 to 2023) " imported # gpg: key BED8EFF89F1F7520: public key "Kale S " imported # gpg: key DDB36F2B55284433: public key "Christopher S. (Privex CEO) " imported # gpg: Total number processed: 3 # gpg: imported: 3 (1.1) If (1) outputted an error - fix and prevent keyserver issues --------------------------------------------------------------- If you get an error, such as "keyserver unavailable" or "keyserver name not found", your GPG may have a broken keyserver configured. To fix this, you should ensure you have a GPG config file, and set your keyserver to a working keyserver, such as the OpenPGP keyserver: hkps://keys.openpgp.org mkdir -p ~/.gnupg # You should probably run this command to set keys.openpgp.org as your # default keyserver (fastest and most reliable as of Jan 2021) echo "keyserver hkps://keys.openpgp.org" | tee -a ~/.gnupg/dirmngr.conf | tee -a ~/.gnupg/gpg.conf (1.2) Re-run the recv-keys command if you had to fix your config --------------------------------------------------------------- If you had to fix your keyserver config in the previous section - you should try re-running the recv-keys command, which should hopefully work this time. gpg --recv-keys DDB36F2B55284433 BED8EFF89F1F7520 288DD1632F6E8951 (1.3) Still having trouble downloading the keys with recv-keys? --------------------------------------------------------------- If you still get a keyserver error, despite having adjusted your config with section 1.1 - then you can try forcing GPG to use a specific key server, such as keys.openpgp.org - for one command: gpg --keyserver hkps://keys.openpgp.org --recv-keys DDB36F2B55284433 BED8EFF89F1F7520 288DD1632F6E8951 (1.4) GPG recv-keys STILL won't work, no matter what you try? --------------------------------------------------------------- If you have trouble with `gpg --recv-keys`, you can download all of Privex's current GPG keys, including staff keys, directly from our CDN and import them into GPG with one command: curl -fsSL https://cdn.privex.io/gpg/privex/combined.asc | gpg --import # gpg: key A07AE80FE77AB97B: public key "Privex Inc. Package Signing Key (Privex signing key for DEB / RPM / etc. packages, including apt.privex.io custom packages) " imported # gpg: key DDB36F2B55284433: public key "Christopher S. (Privex CEO) " imported # gpg: key BED8EFF89F1F7520: public key "Kale S " imported # gpg: key 288DD1632F6E8951: public key "Privex Support (Shared key by Privex Inc. support team for Jan 2021 to 2023) " imported # gpg: Total number processed: 4 #gpg: imported: 4 (2) Verifying the signatures ==================================================================================================== (2.1) Download the signature files into the same folder as the PDF ------------------------------------------------------------------ The easiest way to download the PDF and the signatures is to use wget - copy the commands below to download both the PDF, and all 3 GPG signatures into your current folder. wget https://cdn.privex.io/documents/tor-register/tor-register.pdf wget https://cdn.privex.io/documents/tor-register/chris.asc wget https://cdn.privex.io/documents/tor-register/kale.asc wget https://cdn.privex.io/documents/tor-register/support.asc (2.2) Verify the signatures against the PDF ------------------------------------------- Use `gpg --verify [signature] [file_to_verify]` to check each signature against the original file, to confirm that the signature is valid for that file, and also confirm that a certain person's key signed the file. gpg --verify chris.asc tor-register.pdf # gpg: using RSA key A4A10213ECA1B50E32E69180DDB36F2B55284433 # gpg: issuer "chris@privex.io" # gpg: Good signature from "Christopher S. (Privex CEO) " [ultimate] gpg --verify kale.asc tor-register.pdf # gpg: Good signature from "Kale S " [ultimate] gpg --verify support.asc tor-register.pdf # gpg: Good signature from "Privex Support (Shared key by Privex Inc. support team for Jan 2021 to 2023) " [ultimate]