Separate "Downloading the signature" section & add additional info
andinus committed Mar 18, 2020
1 parent 0a4dec0 commit 94742dd
Showing 1 changed file with 9 additions and 5 deletions.
14 changes: 9 additions & 5 deletions content/tbb/how-to-verify-signature/contents.lr
Expand Up @@ -9,11 +9,6 @@ description:
Digital signature is a process ensuring that a certain package was generated by its developers and has not been tampered with.
Below we explain why it is important and how to verify that the Tor program you download is the one we have created and has not been modified by some attacker.

Each file on our [download page](https://www.torproject.org/download/) is accompanied by a file with the same name as the package and the extension ".asc". These .asc files are OpenPGP signatures.
They allow you to verify the file you've downloaded is exactly the one that we intended you to get.

For example, `torbrowser-install-win64-9.0_en-US.exe` is accompanied by `torbrowser-install-win64-9.0_en-US.exe.asc`.

We now show how you can verify the downloaded file's digital signature on different operating systems.
Please notice that a signature is dated the moment the package has been signed.
Therefore every time a new file is uploaded a new signature is generated with a different date.
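Review bot: With the ".asc" paragraph moved out of the introduction, the text now goes straight from "how to verify that the Tor program you download is the one we have created" to "a signature is dated the moment the package has been signed" without saying what the signature file is or where it comes from. Consider keeping one short sentence here that points to the new "Downloading the signature" section, so a reader who starts at the top knows a separate ".asc" file is involved before the per-OS instructions begin.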
Expand Down Expand Up @@ -62,6 +57,15 @@ After importing the key, you can save it to a file (identifying it by fingerprin

gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290

This command will save the key to tor.keyring file in current directory. If the output says, `gpg: WARNING: nothing exported` then don't proceed further because the correct key was not imported.

### Downloading the signature

Each file on our [download page](https://www.torproject.org/download/) is accompanied by a file with the same name as the package and the extension ".asc". These .asc files are OpenPGP signatures.
They allow you to verify the file you've downloaded is exactly the one that we intended you to get.

For example, `torbrowser-install-win64-9.0_en-US.exe` is accompanied by `torbrowser-install-win64-9.0_en-US.exe.asc`.

### Verifying the signature

To verify the signature of the package you downloaded, you will need to download the corresponding ".asc" signature file as well as the installer file itself, and verify it with a command that asks GnuPG to verify the file that you downloaded.
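Review bot: The new sentence after the `gpg --output ./tor.keyring --export ...` command tells the reader to stop on `gpg: WARNING: nothing exported` but not what to do next. Since the stated reason is that the correct key was not imported, point them back to the key import step. Wording in the same sentence: "to tor.keyring file in current directory" should read "to the `tor.keyring` file in the current directory", and the comma after "says" can go. The new "Downloading the signature" section describes the ".asc" files, yet the "Verifying the signature" paragraph right after it still repeats "you will need to download the corresponding ".asc" signature file", so one of the two could be trimmed.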