PGP signature confirmed as valid. Thanks to DPR for providing these Plan B URLs! Keep in mind guys, SR has moved before now.--More PGP Club tutorial time! More PGP Club propaganda! :)More folks need to be verifying messages from SR Staff so Pine doesn't have the impression y'all relying on a passing member of PGP Club such as SS to be your savior, it is simple:Step 1: Obtain PGP signature (for example DPR's public key has been posted on the forums several times recently and it's available on his SR user page). You need to do this *before* you think you might need to validate a sig. Sig veri is only intended to prove that the anonymous person you saw last week/month/year is the same person today, and that is all we need. Step 2: Copy paste the signed PGP message into your PGP software editor/clipboard and click the Verify button.Step 3: Check that the result is "Valid" or "Good". Some PGP software will kick up a fuss and say "Unknown" if you haven't signed the public key (do so locally only), but it's just the software fucking with you. If you double check that you copy & pasted correctly, and the signature still comes up as "Bad" each time, then either the OP with the signed message accidentally altered the message by accident or they are an imposter. If you get a Bad Signature, you demand a new Signature. If the OP with the signed message persistently refuses to acknowledge the result or they give a new signed message that is also Bad, then this is an imposter. An imposter is very unlikely to be able to produce a forged PGP signature but they are very likely to use social engineering (lol, don't worry you guys, no big deal blah blah blah).Very important tip: whenever a vendor or anybody tells you they are changing their PGP public key, and you're depending on this person in any way, then you had better request a signed PGP message containing a copy of the new public key. If you don't do this, signing and verification is a complete waste of time.--Quote from: ixor568 on May 04, 2013, 02:45 pmIs it just me, or does anyone else get a sketchy feeling from DPR's post?Quote from: Rapid RX on May 04, 2013, 09:42 amDoesn't sound like DPR.Quote from: Mcrad on May 05, 2013, 03:29 amQuote from: skeezoo8586 on May 04, 2013, 09:27 pmBacon.BACONNNN!!!!Quote from: Everdred on May 04, 2013, 05:32 pm5 pages of people talking about how "sketchy" this sounds without anyone actually verifying the signature. This message was signed with DPR's private key.Like Everdred says, the message is signed for a reason. You have to join PGP Club to learn how to validate a signature to ensure it's authentic. And DPR's message is authentic, but you shouldn't depend on SS or Pine to tell you so. Time for you to hit the books and follow the tutorial above!Quote from: MangoSeason on May 04, 2013, 11:46 amPretty sure these are the URL's for the main site:silkroadiplkjo7t.onionpddqoboqqqqqbqdq.onionbpbpoqbqdodbqbqb.onionThat's right. Not supposed to work unless there is a problem.