Re: [tor-talk] Problems? Verifying signatures in Tor 4.0.4

On 02/26/2015 03:02 PM, andre76@xxxxxxxxxxx wrote:
> Is there anything that's wrong about the gpg verification performed on
> the version 4.0.4 as seen in the text below?
> It's quite different from previous Tor versions. No Erinn Clark.
> $ gpg --verify tor-browser-linux32-4.0.4_en-US.tar.xz.asc
> gpg: Signature made Wed 25 Feb 2015 02:54:55 AM EST using RSA key ID F65C2036
> gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@xxxxxxxxxxxxxx>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
>      Subkey fingerprint: 5242 013F 02AF C851 B1C7  36B8 7017 ADCE F65C 2036


Please read https://blog.torproject.org/blog/tor-browser-404-released

Tor Browser is signed with a different key. You should import the new public
key in order to verify the signatures.

gpg --recv-keys 'EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290'
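
Added example, not part of the original message and not Tor Project code: a check that accepts a detached signature only when gpg reports a good signature whose primary key matches the fingerprint quoted in this thread, instead of relying on the human-readable "Good signature" line. The function names are hypothetical, and the sample status lines are constructed from the output quoted above (timestamp and algorithm fields are illustrative).

```shell
#!/bin/sh
# Pinned primary-key fingerprint, copied from the gpg output quoted in this thread.
EXPECTED_FPR="EF6E286DDA85EA2A4BA7DE684E2C6E8793298290"

# check_status WANT_FPR: read `gpg --status-fd` lines on stdin.
# Succeeds (and prints the signing subkey fingerprint) only if there is a
# GOODSIG line and a VALIDSIG line whose last field, the primary-key
# fingerprint, equals WANT_FPR. Expired or revoked keys produce
# EXPKEYSIG/REVKEYSIG instead of GOODSIG and are therefore rejected.
check_status() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "GOODSIG"  { good = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            # field 3: key that made the signature; last field: its primary key
            if ($NF == want) fpr = $3
        }
        END {
            if (good && fpr != "") { print fpr; exit 0 }
            exit 1
        }
    '
}

# verify_pinned SIGFILE DATAFILE: hypothetical wrapper around a real gpg run.
verify_pinned() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$EXPECTED_FPR"
}

# Constructed sample of machine-readable status output for the signature above.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 7017ADCEF65C2036 Tor Browser Developers (signing key) <torbrowser@xxxxxxxxxxxxxx>
[GNUPG:] VALIDSIG 5242013F02AFC851B1C736B87017ADCEF65C2036 2015-02-25 1424850895 0 4 0 1 8 00 EF6E286DDA85EA2A4BA7DE684E2C6E8793298290'

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_STATUS" | check_status "$EXPECTED_FPR"
```

With the key imported, `verify_pinned tor-browser-linux32-4.0.4_en-US.tar.xz.asc tor-browser-linux32-4.0.4_en-US.tar.xz` exits non-zero unless the signature chains to the pinned primary key, regardless of the local trust database.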
