Anonymous Cryptocurrency Exchange
No hidden fees → No delays → No registration
no kyc | no logs | no analytics | TOR
Navigation
Anonymous Cryptocurrency Exchange
No hidden fees → No delays → No registration
no kyc | no logs | no analytics | TOR
Public Signing Key
DEX.fo digitally signs every swap receipt with an RSA private key. Use this public key to independently verify the authenticity of any signed receipt.
Algorithm: RSA-4096 Key ID: PGP Fingerprint:
Verification Instructions
Every signed receipt from DEX.fo contains a plain-text body and an RSA-SHA512 signature. You can verify authenticity using a graphical tool or the command line.
Kleopatra
(Windows & Linux)
GPGTools
(macOS)
1.
Download and install GPGTools (includes GPG Keychain)
2.
Open GPG Keychain -> File -> Import... -> select dexfo_pubkey.asc
3.
Download receipt.asc
4.
Right-click receipt.asc in Finder -> Services > OpenPGP: Verify Signature
Android
1.
Install OpenKeychain from F-Droid
2.
Import dexfo_pubkey.asc via the app
3.
Use the app to verify receipt.asc
iOS
1.
Install PGPony from the App Store
2.
Import dexfo_pubkey.asc via the app
3.
Use the app to verify receipt.asc
Command Line (advanced)
gpg --import dexfo_pubkey.asc
gpg --verify receipt.asc
A successful verification confirms the receipt was signed by DEX.fo's private key and has not been tampered with.
Verifying DEX.fo Swap Receipts with GPG
DEX.fo digitally signs every swap receipt with an RSA private key. This guide walks you through installing the necessary tools, setting up your key pair, and verifying the authenticity of any signed receipt — no command line required.
What is GPG and why does it matter?
GPG (GNU Privacy Guard) is an open-source implementation of the PGP (Pretty Good Privacy) standard. It allows anyone to sign and verify digital information using asymmetric cryptography — meaning two mathematically linked keys are used: a private key (kept secret by the signer) and a public key (shared openly). DEX.fo signs every swap receipt with its private key. By importing DEX.fo's public key, you can independently confirm that a receipt is genuine and has not been altered.
Installation
Windows – Gpg4win (includes Kleopatra)
Download and install Gpg4win. The package includes several tools:
·
Kleopatra – the main graphical key manager used in this guide
·
GpgEX – a Windows Explorer plugin that adds right-click options like "Encrypt", "Sign", and "Verify"
·
GpgOL – a plugin for Microsoft Outlook
Once installed, launch Kleopatra from the Start menu.
Linux – Kleopatra
Download Kleopatra or install it directly from the repository on Debian/Ubuntu-based systems:
sudo apt-get install kleopatra
Then launch it from your application menu.
macOS – GPGTools
Download and install GPGTools. The suite includes:
·
GPG Keychain – the graphical key manager
·
GPG Services – integrates GPG into macOS via the right-click Services menu in Finder
Once installed, open GPG Keychain from your Applications folder.
Android – OpenKeychain
Install OpenKeychain from F-Droid. It provides a full-featured GPG key manager and allows you to import keys, sign, and verify files directly on your device.
iOS – PGPony
Install PGPony from the App Store. It supports key import and signature verification on iPhone and iPad.
Creating a key pair
Before you can certify DEX.fo's public key (and optionally post signed reviews), you need your own key pair. A key pair consists of a public key you share with others, and a private key you keep safe and never share.
In Kleopatra (Windows & Linux):
Go to File > New Key Pair → select Create a personal OpenPGP key pair. Enter your name (a nickname is fine) and email address. These details will be visible to anyone who imports your public key.
In GPG Keychain (macOS):
Click New in the toolbar. Fill in your name and email, then click Create Key.
In OpenKeychain (Android):
Tap the + button → Create my key. Enter your name and email, then confirm.
In PGPony (iOS):
Open the app → Keys tab → tap + → Generate New Key. Enter your name and email, then confirm.
Choosing key parameters:
By default, RSA 2048-bit encryption is used. For stronger security, click Advanced Settings in Kleopatra and select ECDSA/EdDSA with the ed25519 curve – this is the most modern and widely trusted algorithm for digital signatures, with no known backdoors from any government body. Check +ECDH as well if you want to use the key for encryption in addition to signing.
You can set an expiration date (two years is the default) or choose to make the key permanent. An expiration date is generally considered good practice.
Setting a passphrase:
On the next step, you will be asked to set a passphrase. This is your last line of defense if your private key file is ever compromised. Use a strong passphrase with a mix of letters, numbers, and special characters. A password generated by a password manager is ideal – just make sure you can actually access it when needed.
Once the key pair is created, pay attention to its fingerprint – a unique identifier for your key. Even if someone creates a key with the same name and email, their fingerprint will be different. Always verify fingerprints when importing keys from others.
Backing up your keys
Kleopatra will offer to back up your key pair immediately after creation. You can also do this at any time by right-clicking your key and selecting Export Secret Keys. Save the file in a secure location.
If you open the exported file in a text editor, you will see a block beginning with BEGIN PGP PRIVATE KEY BLOCK – never share this with anyone. Your public key, safe to distribute, begins with BEGIN PGP PUBLIC KEY BLOCK.
One of GPG's advantages is that private keys are highly portable – you can print them on paper or store them on an encrypted drive. The public key can always be re-derived from the private key, so you only need to keep one file safe.
Importing DEX.fo's public key
DEX.fo's public key details:
·
Algorithm: RSA-4096
·
Key ID:
·
PGP Fingerprint:
In Kleopatra (Windows & Linux):
Click Import in the toolbar → select the file dexfo_pubkey.asc. Kleopatra will display the key details and ask you to confirm. Check that the fingerprint matches the one listed above, then click Certify to mark it as trusted.
In GPG Keychain (macOS):
Go to File > Import… → select dexfo_pubkey.asc. The key will appear in your keychain. Right-click it and select Sign to certify it after verifying the fingerprint.
In OpenKeychain (Android):
Tap the + button → Import from file → select dexfo_pubkey.asc. Verify the fingerprint matches the one listed above before confirming.
In PGPony (iOS):
Open the app → Keys tab → tap + → Import Key → select dexfo_pubkey.asc. Verify the fingerprint before confirming.
You can also import a key by double-clicking the .asc file on desktop – it will open in Kleopatra or GPG Keychain automatically. Keys are also commonly distributed as a plain-text block; in that case, copy the block and use File > Import from Clipboard in Kleopatra. Key files may use .asc, .pgp, or .gpg extensions – all are handled correctly regardless of extension.
Verifying a DEX.fo swap receipt
You will need to download receipt.asc signature file
Option 1: Kleopatra (Windows & Linux)
Click Decrypt/Verify in the toolbar → select receipt.asc. Kleopatra will display the verification result. A green result means the signature is valid and the receipt has not been modified.
Option 2: GPGTools (macOS)
Right-click receipt.asc in Finder → Services > OpenPGP: Verify Signature. GPG Services will show the result.
Option 3: OpenKeychain (Android)
Open the app → tap the menu → Decrypt & Verify → select receipt.asc.
Option 4: PGPony (iOS)
Open the app → Verify tab → import receipt.asc. The app will display the verification result.
Option 5: Command line (advanced)
gpg --import dexfo_pubkey.asc
gpg --verify receipt.asc
A successful verification confirms that the receipt was signed by DEX.fo's private key and has not been tampered with. If even a single character in receipt.asc has been changed after signing, verification will fail.
FAQ
How do I get a PGP public key to post a review?
Download Kleopatra for Windows & Linux, GPGTools for macOS, OpenKeychain for Android, or PGPony for iOS, then create a new OpenPGP key pair in the app.
What file extensions do GPG key files use?
Key files commonly use .asc, .pgp, or .gpg extensions. The extension does not affect how the file is read – all three formats are handled correctly by all apps listed in this guide.
What does "untrusted signature" mean?
It means the key has been imported but not certified by you. To resolve this, right-click the key in Kleopatra and select Certify after verifying the fingerprint matches the one published by DEX.fo.
Can I verify receipts on mobile?
Yes – use OpenKeychain on Android or PGPony on iOS.
DEX.fo digitally signs every swap receipt with an RSA private key. Use this public key to independently verify the authenticity of any signed receipt.
Algorithm: RSA-4096 Key ID: PGP Fingerprint:
Verification Instructions
Every signed receipt from DEX.fo contains a plain-text body and an RSA-SHA512 signature. You can verify authenticity using a graphical tool or the command line.
Kleopatra
(Windows & Linux)
GPGTools
(macOS)
1.
Download and install GPGTools (includes GPG Keychain)
2.
Open GPG Keychain -> File -> Import... -> select dexfo_pubkey.asc
3.
Download receipt.asc
4.
Right-click receipt.asc in Finder -> Services > OpenPGP: Verify Signature
Android
1.
Install OpenKeychain from F-Droid
2.
Import dexfo_pubkey.asc via the app
3.
Use the app to verify receipt.asc
iOS
1.
Install PGPony from the App Store
2.
Import dexfo_pubkey.asc via the app
3.
Use the app to verify receipt.asc
Command Line (advanced)
gpg --import dexfo_pubkey.asc
gpg --verify receipt.asc
A successful verification confirms the receipt was signed by DEX.fo's private key and has not been tampered with.
Verifying DEX.fo Swap Receipts with GPG
DEX.fo digitally signs every swap receipt with an RSA private key. This guide walks you through installing the necessary tools, setting up your key pair, and verifying the authenticity of any signed receipt — no command line required.
What is GPG and why does it matter?
GPG (GNU Privacy Guard) is an open-source implementation of the PGP (Pretty Good Privacy) standard. It allows anyone to sign and verify digital information using asymmetric cryptography — meaning two mathematically linked keys are used: a private key (kept secret by the signer) and a public key (shared openly). DEX.fo signs every swap receipt with its private key. By importing DEX.fo's public key, you can independently confirm that a receipt is genuine and has not been altered.
Installation
Windows – Gpg4win (includes Kleopatra)
Download and install Gpg4win. The package includes several tools:
·
Kleopatra – the main graphical key manager used in this guide
·
GpgEX – a Windows Explorer plugin that adds right-click options like "Encrypt", "Sign", and "Verify"
·
GpgOL – a plugin for Microsoft Outlook
Once installed, launch Kleopatra from the Start menu.
Linux – Kleopatra
Download Kleopatra or install it directly from the repository on Debian/Ubuntu-based systems:
sudo apt-get install kleopatra
Then launch it from your application menu.
macOS – GPGTools
Download and install GPGTools. The suite includes:
·
GPG Keychain – the graphical key manager
·
GPG Services – integrates GPG into macOS via the right-click Services menu in Finder
Once installed, open GPG Keychain from your Applications folder.
Android – OpenKeychain
Install OpenKeychain from F-Droid. It provides a full-featured GPG key manager and allows you to import keys, sign, and verify files directly on your device.
iOS – PGPony
Install PGPony from the App Store. It supports key import and signature verification on iPhone and iPad.
Creating a key pair
Before you can certify DEX.fo's public key (and optionally post signed reviews), you need your own key pair. A key pair consists of a public key you share with others, and a private key you keep safe and never share.
In Kleopatra (Windows & Linux):
Go to File > New Key Pair → select Create a personal OpenPGP key pair. Enter your name (a nickname is fine) and email address. These details will be visible to anyone who imports your public key.
In GPG Keychain (macOS):
Click New in the toolbar. Fill in your name and email, then click Create Key.
In OpenKeychain (Android):
Tap the + button → Create my key. Enter your name and email, then confirm.
In PGPony (iOS):
Open the app → Keys tab → tap + → Generate New Key. Enter your name and email, then confirm.
Choosing key parameters:
By default, RSA 2048-bit encryption is used. For stronger security, click Advanced Settings in Kleopatra and select ECDSA/EdDSA with the ed25519 curve – this is the most modern and widely trusted algorithm for digital signatures, with no known backdoors from any government body. Check +ECDH as well if you want to use the key for encryption in addition to signing.
You can set an expiration date (two years is the default) or choose to make the key permanent. An expiration date is generally considered good practice.
Setting a passphrase:
On the next step, you will be asked to set a passphrase. This is your last line of defense if your private key file is ever compromised. Use a strong passphrase with a mix of letters, numbers, and special characters. A password generated by a password manager is ideal – just make sure you can actually access it when needed.
Once the key pair is created, pay attention to its fingerprint – a unique identifier for your key. Even if someone creates a key with the same name and email, their fingerprint will be different. Always verify fingerprints when importing keys from others.
Backing up your keys
Kleopatra will offer to back up your key pair immediately after creation. You can also do this at any time by right-clicking your key and selecting Export Secret Keys. Save the file in a secure location.
If you open the exported file in a text editor, you will see a block beginning with BEGIN PGP PRIVATE KEY BLOCK – never share this with anyone. Your public key, safe to distribute, begins with BEGIN PGP PUBLIC KEY BLOCK.
One of GPG's advantages is that private keys are highly portable – you can print them on paper or store them on an encrypted drive. The public key can always be re-derived from the private key, so you only need to keep one file safe.
Importing DEX.fo's public key
DEX.fo's public key details:
·
Algorithm: RSA-4096
·
Key ID:
·
PGP Fingerprint:
In Kleopatra (Windows & Linux):
Click Import in the toolbar → select the file dexfo_pubkey.asc. Kleopatra will display the key details and ask you to confirm. Check that the fingerprint matches the one listed above, then click Certify to mark it as trusted.
In GPG Keychain (macOS):
Go to File > Import… → select dexfo_pubkey.asc. The key will appear in your keychain. Right-click it and select Sign to certify it after verifying the fingerprint.
In OpenKeychain (Android):
Tap the + button → Import from file → select dexfo_pubkey.asc. Verify the fingerprint matches the one listed above before confirming.
In PGPony (iOS):
Open the app → Keys tab → tap + → Import Key → select dexfo_pubkey.asc. Verify the fingerprint before confirming.
You can also import a key by double-clicking the .asc file on desktop – it will open in Kleopatra or GPG Keychain automatically. Keys are also commonly distributed as a plain-text block; in that case, copy the block and use File > Import from Clipboard in Kleopatra. Key files may use .asc, .pgp, or .gpg extensions – all are handled correctly regardless of extension.
Verifying a DEX.fo swap receipt
You will need to download receipt.asc signature file
Option 1: Kleopatra (Windows & Linux)
Click Decrypt/Verify in the toolbar → select receipt.asc. Kleopatra will display the verification result. A green result means the signature is valid and the receipt has not been modified.
Option 2: GPGTools (macOS)
Right-click receipt.asc in Finder → Services > OpenPGP: Verify Signature. GPG Services will show the result.
Option 3: OpenKeychain (Android)
Open the app → tap the menu → Decrypt & Verify → select receipt.asc.
Option 4: PGPony (iOS)
Open the app → Verify tab → import receipt.asc. The app will display the verification result.
Option 5: Command line (advanced)
gpg --import dexfo_pubkey.asc
gpg --verify receipt.asc
A successful verification confirms that the receipt was signed by DEX.fo's private key and has not been tampered with. If even a single character in receipt.asc has been changed after signing, verification will fail.
FAQ
How do I get a PGP public key to post a review?
Download Kleopatra for Windows & Linux, GPGTools for macOS, OpenKeychain for Android, or PGPony for iOS, then create a new OpenPGP key pair in the app.
What file extensions do GPG key files use?
Key files commonly use .asc, .pgp, or .gpg extensions. The extension does not affect how the file is read – all three formats are handled correctly by all apps listed in this guide.
What does "untrusted signature" mean?
It means the key has been imported but not certified by you. To resolve this, right-click the key in Kleopatra and select Certify after verifying the fingerprint matches the one published by DEX.fo.
Can I verify receipts on mobile?
Yes – use OpenKeychain on Android or PGPony on iOS.