[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Problems? Verifying signatures in Tor 4.0.4



On 02/26/2015 03:02 PM, andre76@fastmail.fm wrote:
> Is there anything that's wrong about the gpg verification performed on
> the version 4.0.4 as seen in the text below?
> It's quite different from previous Tor versions. No Erinn Clark.
> 
> 
> 
> $ gpg --verify tor-browser-linux32-4.0.4_en-US.tar.xz.asc                
> gpg: Signature made Wed 25 Feb 2015 02:54:55 AM EST using RSA key ID
> F65C2036
> gpg: Good signature from "Tor Browser Developers (signing key)
> <torbrowser@torproject.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329
> 8290
>      Subkey fingerprint: 5242 013F 02AF C851 B1C7  36B8 7017 ADCE F65C
>      2036
> 

Hi,

please read https://blog.torproject.org/blog/tor-browser-404-released

Tor Browser is signed with a different key. You should the new public
key in order to verify the signatures.

gpg --recv-keys 'EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290'

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk