(no title)

I will try to give a simplified explanation as best I can. PGP verification is a vital process to learn. Once learned it is easy to verify yourself. You need to know PGP if you are visiting .onion sites, it is not optional if you want any certainty.

The information in a PGP signed message is encrypted using a password (the private key) in such a way that only a different password (the public key) could unlock it. Once you have a trustworthy public key from a site/individual, you can check to see if a message was signed using the correct password in the matching private key.

If truly kept private, you can trust it is a message from the same person who gave you the the public key to begin with. That is how we know .onion urls are from the owners of the sites.

If the address ever needs to change, they will sign a new message that you can know for certain came from someone in possession of the SAME private key as the first time. Same if there is a new key pair, they sign it with the old one too, so you can trust the new one equally as the old. Well, you can trust it as much as you trust the owner to not have shared it or been hacked, bribed, or arrested.

Dark.fail tries to be someone you can trust. If you did trust them, you could trust all the addresses on their site, and thereby the public keys listed on those sites to be trustworthy as well. Dark.fail gives their seal of approval that everything belongs to whom it should on their site.

Their tool is just checking to make sure the keys match up correctly.

You cannot trust Dark.fail's seal of approval. They have proven you cannot trust them. Do not visit their site anymore. You always need to verify for yourself. Learn how.