Before you can verify the PGP signed message, you need to import the public key of the user that signed the message. So see where it is listed (e.g. on the vendor’s profile on the market, or on the market’s subdread) and then import it.

• Open Kleopatra and click Notepad

• Copy the PGP signed message, and paste it into the text field. It looks something like this:

  —–BEGIN PGP SIGNED MESSAGE—–

  Hash: SHA512

  Here are our onion links:

  ar3a3uxsmdjvlv3o.onion effma5umlll2bxmd.onion xw7w4apecxzw4t7h.onion

  • SomeDarknetMarket

  —–BEGIN PGP SIGNATURE—–

  iQIcBAEBAgAGBQJYsU1SAAoJEMPzj/CHV15DkfgP/RcJw9EtFiv/+4LIV5rrgqcF +FHEZiYb5jQhsqHrR7jS69rAwxzMD/rttQxMMw4cXBDh/dQaelwOVWbcy4DUwHaj c3gFOzt/42VK40LcQlEs =ON6z —–END PGP SIGNATURE—–

• Click Decrypt Verify

• If the signature was signed by someone you have imported their key you will see Valid Signuate in green.

• If the message he been altered. Or you copied it with a letter or extra space. It will show Invalid Signaute in Red.

Before you can verify the PGP signed message, you need to import the public key of the user that signed the message. So see where it is listed (e.g. on the vendor’s profile on the market, or on the market’s subdread) and then import it.

Copy the PGP signed message, it looks something like this:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Text of the PGP signed message.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJYsU1SAAoJEMPzj/CHV15DkfgP/RcJw9EtFiv/+4LIV5rrgqcF
+FHEZiYb5jQhsqHrR7jS69rAwxzMD/rttQxMMw4cXBDh/dQaelwOVWbcy4DUwHaj
c3gFOzt/42VK40LcQlEs
=ON6z
-----END PGP SIGNATURE-----

After you have copied it, open GPA, paste the signed message, into the clipboard and click on the “Sign/Verify” button.

A new window should pop up which contains “Good signature from name of the key pair that signed the text”, if the signature was correct.