[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Expired key for deb.torproject.org?

On Wed, 25 Nov 2020 07:54:39 +0100
Jonathan Marquardt <mail@xxxxxxxxxxxx> wrote:

> I am using the Debian Tor repo on quite a few Debian machines and since a few 
> days now, none of these machines are able to use the repo.
> "apt update" gives me: 
> Err:6 tor+http://sdscoq7snqtznauu.onion/torproject.org buster InRelease
>   The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
> Why does it say that the key has expired?
> $ gpg -k 74A941BA219EC810
> pub   rsa2048/EE8CBC9E886DDD89 2009-09-04 [SC] [expires: 2022-08-05]
>       A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
> uid                 [  full  ] deb.torproject.org archive signing key
> The key is valid until 2022 and I already made sure that APT is using exactly 
> that key by running "gpg --export 74A941BA219EC810 | sudo apt-key add -".
> Can someone tell me what's going on?

I had the same a few days ago, and solved it with instructions from 
Try that, specifically it says to use a different fingerprint for gpg --export
than you do, not sure if it matters.

With respect,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to