[tor-bugs] #24683 [Applications/Tor Browser]: Sig file verification fail
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 20 18:11:08 UTC 2017
#24683: Sig file verification fail
--------------------------------------+-----------------------------------
Reporter: xninaznx | Owner: tbb-team
Type: defect | Status: needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Comment (by xninaznx):
Sorry, I'm not sure how to do that. I used GPG to import your key and
tried to verify the sig file in a terminal.
gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290
gpg: key 4E2C6E8793298290: 41 duplicate signatures removed
gpg: key 4E2C6E8793298290: 141 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 1 signature reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key)
<torbrowser at torproject.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
z:~ n$ gpg --fingerprint 0x4E2C6E8793298290
pub rsa4096 2014-12-15 [C] [expires: 2020-08-24]
EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid [ unknown] Tor Browser Developers (signing key)
<torbrowser at torproject.org>
sub rsa4096 2016-08-24 [S] [expires: 2018-08-24]
z:~ n$ gpg --verify ~/Downloads/TorBrowser-7.0.11-osx64_en-US.dmg{.asc*,}
gpg: Signature made Fri Dec 8 05:00:23 2017 EST
gpg: using RSA key D1483FA6C3C07136
gpg: BAD signature from "Tor Browser Developers (signing key)
<torbrowser at torproject.org>" [unknown]
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24683#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list