Guide to check the authenticity of the signature

That binary files were digitally signed by the JAP-Team. Thereby you get the oportunity to check the files you downloaded regarding their origin. With the digital signature you can determine if the files were corrupted during the download or even manipulated. Below are instructions for testing the signature with the two most common programs in that area: "Pretty Good Privacy" (PGP) and the "Gnu Privacy Guard" (GPG). We assume that you've already installed a current version of one of them. Instructions on how to download and install those programs are on the web sites of PGP and GPG .

Guide for GPG:

After you have downloaded and installed GPG successfully, you have to import the JAP-Team's PGP-key.

At a command prompt enter: gpg --import jappgp.asc
Now you can check the validity of the key by comparing the fingerprint of the imported key with the following key: B965 99E4 05EB 4202 895C 27DC D022 60C9 73EE 1DD1

To verify the key, please check the key's finger print. Enter gpg --edit-key jap to start GPG's key editing mode and at GPG's own "Command>" prompt, just enter fpr to compute the key's finger print.

Now the fingerprint of the downloaded JAP key is shown. You can compare it with the key shown above and if they're the same, sign our key. You should still have a "Command >" prompt on your screen. Simply enter:
sign
If a "Command >" prompt is no longer on your screen, simply enter
gpg --edit-key jap
and then
sign
To return to the normal command prompt, enter:
save

To verify the integrity of your downloaded JAP file please move the file and the appropriate signature file to the same directory
From within this directory start:
gpg --verify JAP.jar.sig JAP.jar
Along with the creation date of the signature you should see "...Good signature from...JAP-Team..." in the output.

Guide for PGP:

After you have downloaded and installed PGP successfully, you have to import the PGP-key of the JAP-Team. Just doubleclick on the asc-file you have downloaded and choose "import" in the following window. Now you can verify the authenticity of the key. Compare the fingerprint of the imported key to this one: B965 99E4 05EB 4202 895C 27DC D022 60C9 73EE 1DD1

The fingerprint of your imported key is shown when you start PGPkeys, right click on the key of the JAP-Team and choose "Key Properties".
In the section "Fingerprint" you still have to activate the option "Hexadecimal". You should get a screen like the above picture. When you are sure that the fingerprint of the JAP-key you have downloaded is exectly the same as the one we have published on our website, you can sign the JAP-key. To sign the key just click with the right mousebutton on JAP-key and choose "sign". Now you have to select "Key Proberties" again and scroll down to section "Trust Model". Move the lever from "Untrusted" to "Trusted".

To start the actual verification please put the JAP file and the appropriate signature file in the same directory. Now simply double click on the signaturefile. You should get a new window on your screen that looks like the one below. The window must not contain a string like "Bad Signature" and the column tagged "Validity" has to contain a green light or something with the same meaning.

 

Download

Stable Version
00.20.001


Beta Version
00.20.010


InfoService

Status of available AN.ON services and information about them.


Aktuell / News

Restrictions for the Dresden (JAP) anonymisation servers
After careful consideration we have decided to restrict the size of downloads over the Dresden (JAP) mixes a little. The reason is to allow a more fair use of scarce resources of our servers especially for users who simply want to surf the Web. more...

 

 
---