Verifying Tor Browser on Windows Without Using *.torproject.org

1. Download Gpg4win

GPG software is built into most Linux distributions. For Windows, you can download Gpg4win from https://gpg4win.org.

Download Gpg4win from gpg4win.org

Click the button Download Gpg4win 4.0.0.

Select a donation amount ($0, $10, $15, or $25) and click Download.

The installer file gpg4win-4.0.0.exe is saved in your downloads folder.

2. Install Gpg4win

Double-click the file gpg4win-4.0.0.exe to run the installer.

If a User Account Control dialog box appears, click Yes to allow the installer to make changes to your device.

You are asked to select a language for the installer.

Installer for Gpg4win

Select a language (e.g. English) in the dropdown box, and click OK.

Run the installation wizard. You can accept the default options.

Gpg4win and the Kleopatra graphical user interface (GUI) are installed on your computer.

3. Download Tor Browser

For situations where *.torproject.org is blocked, you can download the Tor Browser installer from a mirror such as the Internet Archive or Google Drive.

Gettor page at the Internet Archive

We will use the example of:

In your browser, visit the mirror site of your choice. Download the installer file named torbrowser-install-win64-11.0.4_zh-CN.exe (in this example).

Do not run the installer just yet! The whole point of this tutorial is to verify the download before installing Tor Browser.

4. Download signature file

When you download the Tor Browser installer, also download the corresponding .asc file.

For example, for torbrowser-install-win64-11.0.4_zh-CN.exe, download the signature file torbrowser-install-win64-11.0.4_zh-CN.exe.asc. It has the same name as the installer, except it has .asc on the end of its name.

Download Tor Browser signature file from Internet Archive

5. Download signing key

The Tor Browser team signs Tor Browser releases with the Tor Browser Developers signing key. The fingerprint of this signing key is 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290.

The signing key is mirrored at https://keys.openpgp.org/vks/v1/by-fingerprint/EF6E286DDA85EA2A4BA7DE684E2C6E8793298290.

Download the signing key EF6E286DDA85EA2A4BA7DE684E2C6E8793298290.asc from the mirror.

At this point, you should have the following in your downloads folder:

Downloads folder on Windows PC

6. Import signing key

If you have not already done so, launch the program Kleopatra. This is the GUI that comes with Gpg4win. The installer should have placed its icon on your Windows desktop. If not, you can still launch Kleopatra from your Windows Start button.

Kleopatra Gpg4win GUI initial screen

Click the button Import... (or do File > Import).

Open the Tor Browser Developers’ signing key EF6E286DDA85EA2A4BA7DE684E2C6E8793298290.asc.

After successful import, click OK.

Tor Browser Developers signing key in Kleopatra

7. Verify signature

Now you are ready to verify the signature on the Tor Browser installer download.

Click the button Decrypt/Verify (or do File > Decrypt/Verify).

Open the Tor Browser installer signature file, which in our example is named torbrowser-install-win64-11.0.4_zh-CN.exe.asc.

It is normal to see the message The data could not be verified. This is because you have not certified the signing key.

(If you want to see this message cleared, you must Certify the Tor Browser Developers’ signing key. Gpg4win will require you to create your own PGP key in the course of doing this. We will not demonstrate these steps in this tutorial.)

The data could not be verified in Kleopatra

Click the link Show Audit log.

Tor Browser Developers signing key in Kleopatra

The important thing is to see the message Good signature from Tor Browser Developers (signing key). This confirms that you have a good download.

Click Close. Click OK. You can now close Kleopatra.
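The same check can be scripted against the gpg command-line program that Gpg4win installs alongside Kleopatra. The following is an added example, not part of the original tutorial: it accepts the download only when gpg reports a good signature and the primary key fingerprint equals the one given in step 5, instead of relying on the name shown in the audit log. It assumes gpg is on your PATH, the signing key was imported in step 6, and the script runs in your downloads folder; the function names and the sample status text are constructed for illustration.

```python
import subprocess

# Fingerprint of the Tor Browser Developers signing key, from step 5 of this page.
EXPECTED_FPR = "EF6E286DDA85EA2A4BA7DE684E2C6E8793298290"
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

# Constructed sample of `gpg --status-fd 1 --verify` output. The subkey
# fingerprint, key ID and timestamps are made up; only the primary key
# fingerprint (last VALIDSIG field) is the value given on this page.
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Tor Browser Developers (signing key)
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2021-12-20 1640000000 0 4 0 1 10 00 EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""


def check_status(status_text, expected_fpr=EXPECTED_FPR):
    """True only if gpg reported exactly one good signature made under expected_fpr."""
    good = 0
    primaries = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in FAILURES:
            return False
        if keyword == "GOODSIG":
            good += 1
        elif keyword == "VALIDSIG" and args:
            # When a subkey made the signature, args[0] is the subkey
            # fingerprint and the tenth field is the primary key fingerprint.
            primaries.append(args[9] if len(args) >= 10 else args[0])
    return good == 1 and [p.upper() for p in primaries] == [expected_fpr.upper()]


def verify_download(installer, signature, gpg="gpg"):
    """Run gpg on the detached signature; status lines go to stdout (fd 1)."""
    proc = subprocess.run(
        [gpg, "--status-fd", "1", "--verify", signature, installer],
        capture_output=True, text=True, encoding="utf-8", errors="replace",
    )
    return proc.returncode == 0 and check_status(proc.stdout)


if __name__ == "__main__":
    name = "torbrowser-install-win64-11.0.4_zh-CN.exe"
    print("verified" if verify_download(name, name + ".asc") else "DO NOT INSTALL")
```

TRUST_UNDEFINED in the status output corresponds to Kleopatra's The data could not be verified message for an uncertified key; the script ignores it because the fingerprint is pinned explicitly.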

8. Install Tor Browser

Now that you have verified the signature, it is safe to double-click the installer executable to install Tor Browser.

You can choose a language such as English or 中文(简体) or many others after the installer launches.

Tor Browser installer with language Chinese (Simplified) selected

Follow the prompts to install Tor Browser.

9. Run Tor Browser

Launch Tor Browser for the first time.

An advisory message may appear, 向网站宣称您使用英文,可将您混在大多数互联网用户中,更难被识别和跟踪,有助于强化保护您的隐私。要宣称您使用英文吗? “Declaring to a website that you speak English can make you more difficult to identify and track among the majority of Internet users, helping to strengthen the protection of your privacy. Want to claim that you speak English?”

Tor Browser choice of English language proficiency

Click Yes or No as you prefer.

You now have a choice as to whether to configure Tor networking, or connect directly with no special configuration.

Tor Browser choice of network connection options

If *.torproject.org is blocked in your location, you should probably choose the network configuration option.

Once there, choose the option to use a bridge, and select either obfs4 or snowflake.

The built-in bridges may be blocked in your location. If they are, then you can select the option to retrieve new ones. You will need to complete a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA).

Tor Browser bridge retrieval CAPTCHA

The bridge lines should be automatically retrieved for you. (IP addresses are blurred in the image below.)

Tor Browser bridge lines retrieved automatically

Now that you have your bridges, you can connect.

Connecting to the Tor network after retrieving bridge lines

The progress bar goes across the screen. When it is complete, you are ready to proceed.

Tor Browser initial screen after connection