[tor-talk] What is the new signature of new TBB?

eliaz eliaz at tormail.net
Tue Feb 21 10:02:30 UTC 2012


I just went through this. You have to import Erin's key into your
certificate handler (Kleopatra or whatever), and then verify the browser
.gz.asc file against that. HTH eliaz

On 2/20/2012 11:55 AM, James Brown wrote:
> Hello, friends!
> 
> I have got a new TBB file
> tor-browser-gnu-linux-x86_64-2.2.35-7.2-dev-en-US.tar.gz for the site of
> the Torproject and have tried to verify it.
> I have had the next result:
> $  gpg --verify
> tor-browser-gnu-linux-x86_64-2.2.35-7.2-dev-en-US.tar.gz.asc
> tor-browser-gnu-linux-x86_64-2.2.35-7.2-dev-en-US.tar.gz
> gpg: Signature made Mon Feb 20 12:45:15 2012 UTC using RSA key ID 140C961B
> gpg: Can't check signature: public key not found
> 
> As I can the the previous version was signed by Erinn Clark:
>  gpg --verify tor-browser-gnu-linux-x86_64-2.2.35-7-dev-en-US.tar.gz.asc
> tor-browser-gnu-linux-x86_64-2.2.35-7-dev-en-US.tar.gz
> gpg: Signature made Sat Feb 18 19:53:24 2012 UTC using RSA key ID 63FEE659
> gpg: Good signature from "Erinn Clark <erinn at torproject.org>"
> gpg:                 aka "Erinn Clark <erinn at debian.org>"
> gpg:                 aka "Erinn Clark <erinn at double-helix.org>"
> 
> 
> Is the sign of tor-browser-gnu-linux-x86_64-2.2.35-7.2-dev-en-US.tar.gz
> right sing?
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 


More information about the tor-talk mailing list