Verifying a message with PGP
Verifying messages is commonly used to check the authenticity of market links. Markets publish signed messages containing links to their market. If you have the market’s public key you can use it to verify that the message was created by the market and that the links are legitimate.
Markets, vendors and moderators will sometimes sign announcements or warnings. You can also use this to verify those.
Before you can verify the PGP signed message, you need to import the public key of the user that signed the message. So see where it is listed (e.g. on the vendor’s profile on the market, or on the market’s subdread) and then import it.
-
Open Kleopatra and click Notepad
-
Copy the PGP signed message, and paste it into the text field. It looks something like this:
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA512
Text of the PGP signed message. —–BEGIN PGP SIGNATURE—–
iQIcBAEBAgAGBQJYsU1SAAoJEMPzj/CHV15DkfgP/RcJw9EtFiv/+4LIV5rrgqcF +FHEZiYb5jQhsqHrR7jS69rAwxzMD/rttQxMMw4cXBDh/dQaelwOVWbcy4DUwHaj c3gFOzt/42VK40LcQlEs =ON6z —–END PGP SIGNATURE—–
-
Click Decrypt Verify
-
If the signature was signed by someone you have imported their key you will see Valid Signuate in green.
- If the message he been altered. Or you copied it with a letter or extra space. It will show Invalid Signaute in Red.
Before you can verify the PGP signed message, you need to import the public key of the user that signed the message. So see where it is listed (e.g. on the vendor’s profile on the market, or on the market’s subdread) and then import it.
Copy the PGP signed message, it looks something like this:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Text of the PGP signed message.
-----BEGIN PGP SIGNATURE-----
iQIcBAEBAgAGBQJYsU1SAAoJEMPzj/CHV15DkfgP/RcJw9EtFiv/+4LIV5rrgqcF
+FHEZiYb5jQhsqHrR7jS69rAwxzMD/rttQxMMw4cXBDh/dQaelwOVWbcy4DUwHaj
c3gFOzt/42VK40LcQlEs
=ON6z
-----END PGP SIGNATURE-----
After you have copied it, open GPA, paste the signed message, into the clipboard and click on the “Sign/Verify” button.
A new window should pop up which contains “Good signature from name of the key pair that signed the text”, if the signature was correct.