[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #10495 [Website]: Better way - Leftover tor gpg signing key in the local user's gpg keychain in the documentation



#10495: Better way - Leftover tor gpg signing key in the local user's gpg keychain
in the documentation
-------------------------+---------------------
 Reporter:  daffyduck    |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Website      |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------
 {{{
 Hi,
 }}}
 {{{
 on this page:
 https://www.torproject.org/docs/debian.html.en#ubuntu
 }}}
 {{{
 You give these following two instructions for downloading the gpg signing
 key and then using it for apt. This leaves the tor gpg signing key in the
 local user's gpg keychain.
 }}}
 {{{
 gpg --keyserver keys.gnupg.net --recv 886DDD89
 gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
 }}}
 {{{
 However, apt-key could do this in one command:
 sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 886DDD89
 }}}
 {{{
 Now, I do not know if you have a reason to use two separate lines, maybe
 you do not trust apt-key being run with sudo to fetch keys from a
 keyserver.
 }}}
 {{{
 If that is the case then you could tell users that they can remove the tor
 signing key from the local keychain, since it is not used there.
 }}}
 {{{
 gpg --delete-key 0x886DDD89
 }}}
 {{{
 You could also fetch the key with wget and pipe it to apt-key directly,
 which might be the cleanest solution of all:
 }}}
 {{{
 wget -q 'http://keys.gnupg.net/pks/lookup?op=get&search=0x886DDD89' -O- |
 sudo apt-key add -
 }}}
 {{{
 This would also avoid the leftover tor gpg signing key in any user's local
 gpg keychain.
 }}}
 {{{
 BR
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10495>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs