http://zqktlwshlib42ifoxzjkkpcmenmrnuhr6et6fl3btx3ekedy4qh5tyqd.onion/wiki/index.php?title=Verifying_PGP_signatures
Importing the key from a keyfile Generally, the keyfile is obtained either in person (see above), by asking someone else to export it from a keyring ( gpg --export -a 0x63fee659 > erinn_clark.asc ), through a dedicated URL (for example, http://www.cacert.org/certs/cacert.asc ) or by copying-and-pasting from a webpage (for example, http://dev.mysql.com/doc/refman/5.0/en/checking-gpg-signature.html ). There is a keyfile at http://deb.torproject.org/archive-key.asc which is used to verify the...