[tor-bugs] #20948 [- Select a component]: Problem verifying source code - .asc file signed using 9E92B601, doc uses D40814E0

[Tor Bug Tracker & Wiki]

#20948: Problem verifying source code - .asc file signed using 9E92B601, doc uses
D40814E0
----------------------------------+-------------------------------
 Reporter:  EdwkA                 |          Owner:
     Type:  defect                |         Status:  new
 Priority:  Immediate             |      Milestone:
Component:  - Select a component  |        Version:  Tor: 0.2.8.11
 Severity:  Normal                |     Resolution:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
 Reviewer:                        |        Sponsor:
----------------------------------+-------------------------------

Comment (by dcf):

 The key ID D40814E0 at https://www.torproject.org/docs/verifying-
 signatures.html.en is for verifying Tor Browser packages, not tor
 packages. The tor packages (without the browser) are signed with a
 different key.

 See https://www.torproject.org/docs/signing-keys.html.en for the key to
 expect for tor packages; 9E92B601 is the right one:
 > Roger Dingledine (0x28988BF5 and 0x19F78451) or Nick Mathewson
 (0xFE43009C4607B1FB with signing key 0x6AFEE6D49E92B601) sign the Tor
 source code tarballs. (Nick's old key was 0x165733EA with signing key
 0x8D29319A; it signed older tarballs.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20948#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online