Verifying the Signature of Enigmail downloads
In order to check the integrity of a package, download the XPI file and the corresponding signature file. All official XPI files for Windows, Linux and Mac OS X are signed with the key below, available from any key server (alternatively, the public key is also available from here). Some contributed XPI files are signed by their contributors.
Key ID: 0x9369CDF3
Fingerprint: 10B2 E4A0 E718 BB1B 2791 DAC4 F040 E41B 9369 CDF3
Open a command shell and change to the directory
where you have saved the files. Type:
gpg --verify filename.xpi.asc
(filename is the name of the signature file.) Check the output from GnuPG. If
the signature is OK, then GnuPG should should print see something like:
gpg: Good signature from "Patrick Brunschwig (Enigmail sig) <patrick@enigmail.net>"
If you did not update the key recently, you may alternatively get the following message:
gpg: Good signature from "Patrick Brunschwig (Enigmail sig) <enigmail@mozdev.org>"
Please note: contributed builds are not signed by Patrick, but (if at all) by the person who contributed the build. The signature will in this case display some other name.
