From 3e25b07646fdb5f01f48da329b91b0553f54a396 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Wed, 12 Sep 2018 17:39:19 +0200 Subject: Documentation: update PGP key information to mention transition to new key with ID=0x680D16DE and fingerprint=5069A233D55A0EEB174A5FC3821ACD02680D16DE. --- doc/html/Digital Signatures.html | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) (limited to 'doc/html/Digital Signatures.html') diff --git a/doc/html/Digital Signatures.html b/doc/html/Digital Signatures.html index 17717b48..63a35cde 100644 --- a/doc/html/Digital Signatures.html +++ b/doc/html/Digital Signatures.html @@ -77,23 +77,30 @@ If you do not see the above sentence, the file is very likely corrupted. Note: O

How to Verify PGP Signatures

To verify a PGP signature, follow these steps:

    -
  1. Install any public-key encryption software that supports PGP signatures. For Windows, you can download -Gpg4win. For more information, you can visit -https://www.gnupg.org/.
  2. Create a private key (for information on how to do so, please see the documentation for the public-key encryption software). -
  3. Download our PGP public key from IDRIX website (https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc) or from a trusted public key repository - (ID=0x54DDD393), and import the downloaded key to your keyring (for information on how to do so, please see the documentation for the public-key encryption software). Please check that its fingerprint is -993B7D7E8E413809828F0F29EB559C7C54DDD393.
  4. Sign the imported key with your private key to mark it as trusted (for information on how to do so, please see the documentation for the public-key encryption software).
    +
  5. Install any public-key encryption software that supports PGP signatures. For Windows, you can download Gpg4win. For more information, you can visit https://www.gnupg.org/.
  6. +
  7. Create a private key (for information on how to do so, please see the documentation for the public-key encryption software).
  8. +
  9. Download our PGP public key from IDRIX website (https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc) or from a trusted public key repository + (ID=0x680D16DE), and import the downloaded key to your keyring (for information on how to do so, please see the documentation for the public-key encryption software). Please check that its fingerprint is +5069A233D55A0EEB174A5FC3821ACD02680D16DE. + +
  10. +
  11. Sign the imported key with your private key to mark it as trusted (for information on how to do so, please see the documentation for the public-key encryption software).

    Note: If you skip this step and attempt to verify any of our PGP signatures, you will receive an error message stating that the signing key is invalid. -
  12. Download the digital signature by downloading the PGP Signature of the file you want to verify (on the -Downloads page). -
  13. Verify the downloaded signature (for information on how to do so, please see the documentation for the public-key encryption software). -
+ +
  • Download the digital signature by downloading the PGP Signature of the file you want to verify (on the Downloads page). +
  • +
  • Verify the downloaded signature (for information on how to do so, please see the documentation for the public-key encryption software).
  • +

    Under Linux, these steps can be achieved using the following commands:

    \ No newline at end of file -- cgit v1.2.3