Tor source tarball signed with sha1
$ gpg --verify -v tor-0.2.9.10.tar.gz.asc gpg: assuming signed data in 'tor-0.2.9.10.tar.gz' gpg: Signature made Wed 01 Mar 2017 13:09:27 GMT gpg: using RSA key 6AFEE6D49E92B601 gpg: using subkey 6AFEE6D49E92B601 instead of primary key FE43009C4607B1FB gpg: using pgp trust model gpg: Good signature from "Nick Mathewson nickm@alum.mit.edu" [unknown] gpg: aka "Nick Mathewson nickm@wangafu.net" [unknown] gpg: aka "Nick Mathewson nickm@freehaven.net" [unknown] gpg: aka "Nick Mathewson nickm@torproject.org" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 2133 BC60 0AB1 33E1 D826 D173 FE43 009C 4607 B1FB Subkey fingerprint: 7A02 B352 1DC7 5C54 2BA0 1545 6AFE E6D4 9E92 B601 gpg: binary signature, digest algorithm SHA1, key algorithm rsa4096