Verifying messages is commonly used to check the authenticity of market links. Markets publish signed messages containing links to their market. If you have the marketโs public key you can use it to verify that the message was created by the market and that the links are legitimate.
Markets, vendors and moderators will sometimes sign announcements or warnings. You can also use this to verify those.
Before you can verify the PGP signed message, you need to import the public key of the user that signed the message. So see where it is listed (e.g. on the vendorโs profile on the market, or on the marketโs subdread) and then import it.
Open Kleopatra and click Notepad
Copy the PGP signed message, and paste it into the text field. It looks something like this:
โโBEGIN PGP SIGNED MESSAGEโโ
Hash: SHA512
Here are our onion links:
ar3a3uxsmdjvlv3o.onion effma5umlll2bxmd.onion xw7w4apecxzw4t7h.onion
SomeDarknetMarket
โโBEGIN PGP SIGNATUREโโ
iQIcBAEBAgAGBQJYsU1SAAoJEMPzj/CHV15DkfgP/RcJw9EtFiv/+4LIV5rrgqcF +FHEZiYb5jQhsqHrR7jS69rAwxzMD/rttQxMMw4cXBDh/dQaelwOVWbcy4DUwHaj c3gFOzt/42VK40LcQlEs =ON6z โโEND PGP SIGNATUREโโ
- Click Decrypt Verify
- If the signature was signed by someone you have imported their key you will see Valid Signature in green.
- If the message he been altered. Or you copied it with a letter or extra space. It will show an Invalid signature in Red.