VIP Forum Coming Soon!

Guides & Tutorials

View Categories

Verifying an onion

1 min read

Verifying onions. It’s such an important thing yet so many people don’t know how to do it properly. Always, regardless of where you get the onion from take the time to verify it. You never know when you have a typo or a simple error. Taking 10 seconds to verify can save your coins from falling to a phisher.

Darkfail has a great tool to help you do it, but no one resource should be blindly trusted. You should always manually verify the onion address yourself!

Note: Before you can verify you are on the correct Onion make sure you understand how to verify a PGP signature.

Now that you know how to verify a signature we can verify an onion address. First, we need to get a market PGP key. Most markets put them on their sub dread, but if not you can put /pgp.txt at the end of the mirror you want to verify. It should look like this: MarketOnionAddress.onion/pgp.txt

You’ll probably have to complete a captcha. Then you should see the market’s PGP key. Import the key like normal. (See above if you need help)

The first time you import a market pgp key you should check with more than once source. Compare the key on /pgp.txt or their subdread with the one on DarkNetLive DarkFail, or other reputable places. The keys should ALWAYS match.

Once you have it imported put /mirrors.txt at the end of the onion you are on. It should look something like this MarketOnionAddress.onion/mirrors.txt You should see a page with some information like this on it:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Here are our onion links:

ar3a3uxsmdjvlv3o.onion
effma5umlll2bxmd.onion
xw7w4apecxzw4t7h.onion

- SomeDarknetMarket

-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJYsU1SAAoJEMPzj/CHV15DkfgP/RcJw9EtFiv/+4LIV5rrgqcF
+FHEZiYb5jQhsqHrR7jS69rAwxzMD/rttQxMMw4cXBDh/dQaelwOVWbcy4DUwHaj
c3gFOzt/42VK40LcQlEs
=ON6z
-----END PGP SIGNATURE-----

Note: Some markets don’t use mirrors.txt check their sub dread for what you should put at the end to verify.

If you see a message like the above you can now verify the message is signed by the market PGP key you imported. It should come back with a good signature at the bottom, and at the top, you will see a list of the current market mirrors. Make sure the address you are on matches one of the ones in the signed message. If it does you are on an official market onion!

Once you do this a few times it really only takes about 10 seconds to do. Always take the time to verify an onion regardless of where you get them from

What are your Feelings
For Supporters
Contact Us

1870 N Corporate Lakes Blvd #267484
Weston, Florida 33326
USA

support@zerotrace.org
+1 (954) 982-6661

About Zero Trace

Internet freedom is one of our core values. So we decided to put our money where our mouth is and got working on numerous digital rights projects. We help people fight surveillance and censorship, giving emergency privacy access to freedom fighters and journalists who work in dangerous conditions. We support other non-profit organizations and conferences focused on human and digital rights. And we work hard to educate the public about the importance of cybersecurity every single day.

Zero Trace
0

Need New Research?

For a limited time get one of our best selling books for $1.

Twitter 1
Twitter 2
Tor 1
Tor 3
Tor 2
Wallet 3
Wallet 2
Wallet 1
Element 1
Element 2
Element 3
K9 2
k9 3
K9 1
K9 1
Col 1
Col 2
Col 3
APK patcher
APK 2
IG 2
IG 1
IG 3
Tube 1
Tube 3
Tube 2

Ready To Join VIP?

Spots Left 72%
[affiliate_registration]
PGP 1
PGP 2
PGP 3
Key 1
Key 3
Key 2
Mic 1
Mic 2
Mic 3
Cell 3
Cell 2
Cell 1
IM 3
Im 2
Im 1
Exif
Exif 2
Map 2
Map 1
Map 3

Need A Phone?

Join the waitlist.  

Reddit 1
Reddit 2
Reddit
Shopping cart