Opened 4 years ago

Closed 4 years ago

#20948 closed defect (fixed)

Problem verifying source code - .asc file signed using 9E92B601, doc uses D40814E0

Reported by: EdwkA Owned by:
Priority: Immediate Milestone:
Component: - Select a component Version: Tor:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Child Tickets

Attachments (2)

tor- (801 bytes) - added by EdwkA 4 years ago.
asc file
key-transition-statement-2.txt (3.8 KB) - added by EdwkA 4 years ago.
key transition statement

Download all attachments as: .zip

Change History (6)

Changed 4 years ago by EdwkA

Attachment: tor- added

asc file

Changed 4 years ago by EdwkA

key transition statement

comment:1 Changed 4 years ago by EdwkA

source too big to attach.

comment:2 Changed 4 years ago by dcf

The key ID D40814E0 at is for verifying Tor Browser packages, not tor packages. The tor packages (without the browser) are signed with a different key.

See for the key to expect for tor packages; 9E92B601 is the right one:

Roger Dingledine (0x28988BF5 and 0x19F78451) or Nick Mathewson (0xFE43009C4607B1FB with signing key 0x6AFEE6D49E92B601) sign the Tor source code tarballs. (Nick's old key was 0x165733EA with signing key 0x8D29319A; it signed older tarballs.)

comment:3 Changed 4 years ago by EdwkA

thank you. PEBKAC:
"For a list of which developer signs which package, see our signing keys page." (links to

Missed it, even though I read it 3 times. Good to close.

comment:4 Changed 4 years ago by dgoulet

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.