[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Where is the tor signing key?

Just followed the instructions mentioned in https://support.torproject.org/tbb/how-to-verify-signature/ working good now.

Matthew Finkel:
On Thu, Dec 10, 2020 at 09:19:46AM +0000, Colin Baxter wrote:

The URL https://support.torproject.org/tbb/how-to-verify-signature/
gives the impression that the signing key email address is
torbrowser@xxxxxxxxxxxxxx. However

  gpg2 --search-keys torbrowser@xxxxxxxxxxxxxx <RET>


gpg: key "torbrowser@xxxxxxxxxxxxxx" not found on keyserver.

What's the correct email address for the signing key?

torbrowser@xxxxxxxxxxxxxx is the correct email address, but you may be
querying the wrong server. On the page you referenced there is a section
for this:

Fetching the Tor Developers key

The Tor Browser team signs Tor Browser releases. Import the Tor Browser
Developers signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):

gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@xxxxxxxxxxxxxx

The key is available on keys.openpgp.org, as well, if you need it from
another key server:


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to