[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Problems? Verifying signatures in Tor 4.0.4




On Mon, Mar 2, 2015, at 12:51 PM, andre76@fastmail.fm wrote:

> Here's the output from terminal;
> 
> $ gpg --verify tor-browser-linux32-4.0.4_en-US.tar.xz.asc
> tor-browser-linux32-4.0.4_en-US.tar.xz
> gpg: Signature made Wed 25 Feb 2015 02:54:55 AM EST using RSA key ID
> F65C2036
> gpg: BAD signature from "Tor Browser Developers (signing key)
> <torbrowser@torproject.org>"
> 
> Are these files good or bad and not to be trusted? If not to be trusted
> which aren't to be trusted?

One or other (or the key) is corrupted: try taking the md5 of each to
see which.
md5 tor-browser-linux32-4.0.4_en-US.tar.xz
 097ff75918e161b236a38f9ee2599983
md5 tor-browser-linux32-4.0.4_en-US.tar.xz.asc
 dbfc12e557aa39307b01902a5943f4fd

-- 
http://www.fastmail.com - Email service worth paying for. Try it for free

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk