Quote from: frank88 on May 01, 2013, 03:49 amQuote from: CrazyBart on May 01, 2013, 03:41 amQuote from: frank88 on May 01, 2013, 03:39 amhow do i know this is not phishing?by verifying his pgp signature.how do i verify this?thanks.It's not going to help you in this situation right here (because you would have needed the public key *before* DPR used it to sign the message, otherwise you can't make a comparison to see if it's the same person), but here is the public key used for that signature:DPR's public key-----BEGIN PGP PUBLIC KEY BLOCK-----mQENBE2VWMwBCADcoI5qldde46EI80fHSTCS4CuJn1Py4AQjJvpAqFColeAm9xb1/hb0ZUsG3vwod7uiPJdMlq3+1o3TSv9JlO3DPf7I50owQ9+S1ixXebouTvfpEKSbdq1IWAu+O4PtlmFEb76MOmjOzoeV8We8kCRFq8ThoK979A1DR09KsaDfSjCITdsUmQyVaRN0dCaj33V/QAPQybYAjNDEiNd0e1tV22n1dl6z2oVUgfJiuTVI5C0FhSKPc3odexbKUSVk9tkUWcfnk8+9HF5jGNHnUSjWxMkG1uZUDdWKl4yJqQhBHdYqcz8AhcJ6xADbFeoYEO6z5NEjXV0KmoDRCi4C7gdfABEBAAG0JFNpbGsgUm9hZCA8c3RhZmZAc2lsa3JvYWRtYXJrZXQub3JnPokBOAQTAQIAIgUCTZVYzAIbDwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQAiJCO2e3+iVfzwf/dg6wj6an8xehD7tYOjMbf9/RAKLCq+GMJlROQ7mPoOqUdnTrQ375Ld0MUJFEQUHsmijkDbl7rOLw0IuJHJsxw9wy5nNANMEMxjspdGvi8HalDrXJC+EiD2xM0gz/XrDmTsHhpAZEgwddygZFuHxWwxpBHGB2clLf4xYMX5TC7Z8QJLEdXx9DW5mZ1K9XuC+6fkMpUblzoRizmzk1NJ+yg27mYo4KigysleshF3yyQ62as5apqIfgyYrJ/udwa4JQ8Le6dzB0d3o8mrrDXqHSuxSdLGNLh1B7lDphdsQxrx1W/468EubG+5PEf2DLqqbUYLDCxS3m4DN46woO/INt5A===kHyk-----END PGP PUBLIC KEY BLOCK-----Import the public key into your version of PGP and then copy paste the signed message that DPR made.Then there should be a button somewhere called "verify". Click that and you should see the message is validated as belonging to the same person who initially gave you the public key. Like I said already, in this case you got it from me, so this isn't very useful to you right now. However in the future you might find this feature of PGP useful. PGP is very useful for lots of things other than encryption, this is one of its uses. A similar use of PGP signing which is very important, is validating whether a Tor package download is legitimate/not fake. I strongly recommend everybody learn how to do this, because for all you know you're downloading the DEA's version of Tor unless you do this step. Seriously! https://www.torproject.org/docs/verifying-signatures.htmlNote 1: Separate issue that may seem esoteric, but for newbies do NOT sign anybody's public key from SR forums unless you know to do it locally. Doing that is not useful in our situation on SRF (signing a public key uploads your signature to the web, which may not be your intention!), and you don't need to do it in order to use signing and verification anyway.Note 2: I think DPR uses a different public key for encryption, so PMing using this public key may not be appropriate.