TorTaughtThe login flow is the second half of the homepage tutorial (steps 4 and 5). Step 4: pull the signed timestamp block from the login screen footer, save to a file, run gpg --verify against fingerprint 0x7F2A0A9D, confirm Good signature in the output. Step 5: submit credentials only after the signature check passes.
If you arrived at the login screen and the signature does not verify, do not submit credentials. Close the tab. Re-resolve the mirror from a fresh copy on the homepage and retry; if the second attempt also fails verification, the most likely cause is a phishing operation rather than a platform-side signing fault. Phishing operators specifically target the login flow because it is the highest-value moment in the user journey.
Verified working Nexus Market mirrors
Three v3 onion addresses currently serving the production market, signed under PGP fingerprint 0x7F2A0A9D. Use the Copy button; never retype an address.