πŸ” torGate PGP Public Key

πŸ”’ Security πŸ—“οΈ Last Updated: November 20, 2025
Why This Page Matters: PGP (Pretty Good Privacy) allows you to verify that you're communicating with the real torGate and not a phishing site. This is especially important when accessing our onion mirror or receiving signed communications.

Why PGP Verification Matters for Tor Users

When using the Tor network, verifying the authenticity of websites and communications is crucial. PGP (Pretty Good Privacy) provides cryptographic assurance that:

  • You're on the real site: Verify our onion mirror is legitimate, not a phishing clone
  • Messages are authentic: Confirm that communications actually came from torGate
  • Content hasn't been tampered with: Detect if messages or files have been modified
  • Secure communication: Encrypt messages that only we can read
⚠️ Phishing Warning: Malicious actors create fake "tor" sites to steal information. Always verify onion addresses using our PGP signatures. If an onion site claims to be torGate but you can't verify it with our PGP key, DO NOT TRUST IT.

Our PGP Fingerprint

0000 0000 0000 0000 0000 0000 0000 0000 0000 0000

Always verify this fingerprint through multiple channels!
Check our clearnet site, social media, and any trusted third-party listings.

torGate PGP Public Key

Below is our complete PGP public key. You can copy this key, import it into your OpenPGP-compatible software (GPG, Kleopatra, etc.), and use it to verify our signatures.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGXXXXXXBEAC1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOP
QRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTU
VWXYZ1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
[... PLACEHOLDER KEY DATA ...]
[This is a placeholder. Replace with your actual PGP public key]
tBB0b3JHYXRlIFRlYW0gPGNvbnRhY3RAdG9yZ2F0ZS5vcmc+iQJUBBMBCAA+FiEE
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[... MORE KEY DATA ...]
=XXXX

-----END PGP PUBLIC KEY BLOCK-----
πŸ“₯ Download PGP Key File

How to Import Our PGP Key

Using GPG Command Line (Linux/Mac/Windows)

Method 1: Import from file

# Download the key file first, then:
gpg --import torgate-public.asc

# Verify the fingerprint
gpg --fingerprint contact@torgate.org

Method 2: Import directly

# Copy the key block from this page and run:
gpg --import
# Paste the key, then press Ctrl+D

Using Kleopatra (Windows/Mac)

  1. Open Kleopatra
  2. Click "Import" or "File" β†’ "Import Certificates"
  3. Select the downloaded torgate-public.asc file
  4. Verify the fingerprint matches the one shown above

Using GPG Keychain (Mac)

  1. Open GPG Keychain
  2. Click "Import" in the toolbar
  3. Select the torgate-public.asc file
  4. Verify the fingerprint in the key details

Verifying Our Onion Mirror

Onion Mirror Coming Soon: We are currently setting up our official Tor onion mirror. Once it's live, we will publish the signed onion address here for verification. Check back soon!

Verifying Signed Messages

If you receive a message claiming to be from torGate, you can verify its authenticity:

  1. Ensure you have our public key imported (see instructions above)
  2. Save the signed message to a text file (e.g., message.txt)
  3. Verify the signature: 
    gpg --verify message.txt
  4. Check the output: Look for "Good signature" and verify the fingerprint matches ours
βœ“ Good signature from "torGate Team <contact@torgate.org>"
This means the message is authentic and hasn't been tampered with.
βœ— BAD signature from "torGate Team"
This means the message has been modified or is fraudulent. DO NOT TRUST IT.

Sending Encrypted Messages to Us

You can use our PGP key to send us encrypted messages that only we can read:

  1. Import our public key (see instructions above)
  2. Create your message in a text editor
  3. Encrypt the message: 
    gpg --encrypt --armor --recipient contact@torgate.org message.txt
  4. Send the encrypted output (message.txt.asc) to us via our contact page

Only torGate can decrypt messages encrypted with our public key.

OpenPGP Best Practices

For Maximum Security:

  • Verify fingerprints through multiple channels: Don't rely on just one source. Check our fingerprint on our clearnet site, social media, and trusted directories.
  • Never trust a key just because it has the right name: Anyone can create a PGP key with any name. Always verify the fingerprint.
  • Keep your own keys secure: If you're using PGP, protect your private key with a strong passphrase and back it up securely.
  • Use the Web of Trust carefully: Signing keys you've verified helps build trust, but only sign keys you've personally verified.
  • Check expiration dates: PGP keys can expire. Ours is valid until [EXPIRATION DATE].
  • Be suspicious of unexpected onion addresses: Phishing sites often create similar-looking onion addresses. Always verify with PGP.

Red Flags - Signs of a Phishing Attempt:

  • ❌ Onion address that can't be verified with our PGP signature
  • ❌ Messages claiming to be from us that fail signature verification
  • ❌ Requests for sensitive information (we never ask for passwords, private keys, etc.)
  • ❌ Urgent demands for action ("verify your account now!")
  • ❌ Slightly different domain names (torgate.com, tor-gate.org, etc.)

Contact Information

Official Contact Email

Email: contact@torgate.org

PGP Fingerprint: TO_BE_ADDED

Always encrypt sensitive communications! Use our PGP key to protect your messages.

Additional Resources

Learn More About PGP

Related torGate Resources

Frequently Asked Questions

Do I need to use PGP to browse torGate?

No, you can browse our site normally without PGP. However, if you want to verify our onion mirror or send us encrypted messages, PGP is essential.

How do I know this PGP key is really yours?

Verify our fingerprint through multiple independent sources: our clearnet site, social media, trusted Tor directories, and by checking if long-time users recognize it. The more sources that confirm the same fingerprint, the more confident you can be.

What should I do if I find a different PGP key claiming to be torGate?

Report it to us immediately at contact@torgate.org. It's likely a phishing attempt. Never trust a key that doesn't match our published fingerprint.

Can I trust your onion mirror without verifying the PGP signature?

We strongly recommend verifying. Phishing sites targeting Tor users are common. Taking 2 minutes to verify a signature can protect you from sophisticated attacks.

How often should I re-verify your PGP key?

Check our fingerprint periodically, especially if:

  • You haven't visited in a while
  • You're accessing our onion mirror for the first time
  • Something seems unusual or suspicious
  • You receive an unexpected message claiming to be from us

πŸ” Security is a Practice, Not a Product

Using PGP verification might seem complicated at first, but it's one of the most powerful tools for protecting yourself online. Take the time to learn it properlyβ€”your privacy is worth it.

Stay safe, stay private, stay verified.