This is PART-02 of The DarkNet Diaries series.
In this post you'll simply learn how to download & verify a TOR-Browser download via GPG [GPG = GNU Privacy Guard].GPG verification is a rock-solid method of verifying files for their authenticity & it has a steep learning curve; but don't worry I'll try my best to at least show you how to verify your TOR-Browser downloads. [Please DO know that this will be a LINUX-ONLY guide]
GPG is a Command-Line [AKA Terminal] tool, eventhough there are Graphical tools like kleopatra or GPG4Win, these are available only for windows for now, plus their functionalities are limited & GPG being a terminal tool adds to it's steep learning curve, so let's make it easy to understand shall we.
Each file on the download section of TOR-Browser's Website is accompanied by a file labelled signature with the same name as the package and the extension .asc These ".asc" files are OpenPGP-Signatures. They allow you to verify that the file you've downloaded is exactly the one that TOR-project intended you to get.
E.g:- tor-browser-linux64-11.5.2_en-US.tar.xz is accompanied by tor-browser-linux64-11.5.2_en-US.tar.xz.asc [These are example file names and will not exactly match the file names that you download.]