Verifying messages is commonly used to check the authenticity of market links. Markets publish signed messages containing links to their market. If you have the market’s public key you can use it to verify that the message was created by the market and that the links are legitimate.
Markets, vendors and moderators will sometimes sign announcements or warnings. You can also use this to verify those.
Before you can verify the PGP signed message, you need to import the public key of the user that signed the message. So see where it is listed (e.g. on the vendor’s profile on the market, or on the market’s subdread) and then import it.
Open Kleopatra and click Notepad
Copy the PGP signed message, and paste it into the text field. It looks something like this:
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
Here are our onion links:
ar3a3uxsmdjvlv3o.onion effma5umlll2bxmd.onion xw7w4apecxzw4t7h.onion
SomeDarknetMarket
—–BEGIN PGP SIGNATURE—–
iQIcBAEBAgAGBQJYsU1SAAoJEMPzj/CHV15DkfgP/RcJw9EtFiv/+4LIV5rrgqcF +FHEZiYb5jQhsqHrR7jS69rAwxzMD/rttQxMMw4cXBDh/dQaelwOVWbcy4DUwHaj c3gFOzt/42VK40LcQlEs =ON6z —–END PGP SIGNATURE—–
- Click Decrypt Verify
- If the signature was signed by someone you have imported their key you will see Valid Signature in green.
- If the message he been altered. Or you copied it with a letter or extra space. It will show an Invalid signature in Red.