Digital signature is a process ensuring that a certain package was generated by its developers and has not been tampered with.
Below we explain why it is important and how to verify that the Tor program you download is the one we have created and has not been modified by some attacker.
Each file on our [download page](https://www.torproject.org/download/) is accompanied by a file with the same name as the package and the extension ".asc". These .asc files are OpenPGP signatures.
Each file on our [download page](https://www.torproject.org/download/) is accompanied by a file labelled "signature" with the same name as the package and the extension ".asc". These .asc files are OpenPGP signatures.
They allow you to verify the file you've downloaded is exactly the one that we intended you to get.
This will vary by web browser, but generally you can download this file by right-clicking the "signature" link and selecting the "save file as" option.
For example, `torbrowser-install-win64-9.0_en-US.exe` is accompanied by `torbrowser-install-win64-9.0_en-US.exe.asc`.
These are example file names and will not exactly match the file names that you download.
