[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Problems? Verifying signatures in Tor 4.0.4

On Thu, Feb 26, 2015, at 05:55 PM, Simon Nicolussi wrote:
> andre76@xxxxxxxxxxx wrote:
> > $ gpg --verify tor-browser-linux32-4.0.4_en-US.tar.xz.asc                
> Note that calling gpg --verify with a detached signature as its only
> argument is insecure (later versions of GnuPG should emit a warning).
> See my message to Gnupg-users and subsequent responses for details:
> http://lists.gnupg.org/pipermail/gnupg-users/2014-November/051333.html

I could read those responses until the end of time and wouldn't
understand anything.

Could you tell me what I'm supposed to enter in Terminal to get a
response that indicates a good file or a bad file?

Here's what I entered (2 separate ways);

$ gpg --verify tor-browser-linux32-4.0.4_en-US.tar.xz.asc 

gpg: Signature made Wed 25 Feb 2015 02:54:55 AM EST using RSA key ID
gpg: BAD signature from "Tor Browser Developers (signing key)

$ gpg --verify tor-browser-linux32-4.0.4_en-US.tar.xz.asc 

gpg: Signature made Wed 25 Feb 2015 02:54:55 AM EST using RSA key ID
gpg: Good signature from "Tor Browser Developers (signing key)
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329
     Subkey fingerprint: 5242 013F 02AF C851 B1C7  36B8 7017 ADCE F65C

> -- 
> Simon Nicolussi <sinic@xxxxxxxxxx>
> http{s,}://{www.,}sinic.name/
> Email had 1 attachment:
> + Attachment2
>   1k (application/pgp-signature)

http://www.fastmail.com - A no graphics, no pop-ups email service

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to