Opened 2 years ago

Closed 2 years ago

#24802 closed defect (worksforme)

torbrowser-install-7.0.11_en-US.exe PGP signature invalid

Reported by: Epic Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Signed on 2017-12-08 04:02 with unknown certificate 0xA4300A6BC93C0877A4451486D1483FA6C3C07136.
The validity of the signature cannot be verified.

Imported all developer keys from sig page on torproject.org. Also searched and did not find any 0xA4300A on sig page.
Key ID's imported
93298290
D0220E4B
683686CC
23291265
4B7C3223

The signature I am using from the tor page


iQIcBAABCgAGBQJaKmM4AAoJENFIP6bDwHE2AwgQAKsS5GXsrdAQ9SiHALtNQQbS
gWEFWGbl8JcBeX5P5nPazkNUh8Ssub8FpNNC0/uBRdt8DG8xTJnzfvjZ9dkpOGbP
9YU2dbWFZU9l+8Uh0oU1Q+kEk05WwsoF76uWuLuI+U7NQ56X5VHXuUlo39vjAk6b
6XfBKJIcoAniTrSFKTjfcdzwVFR0IPbYuB8igIy5FjhkfdbiIW4NSpiTSQRM7wqF
XrF1Xsd4DEOxwzKAoiG3rj5udYGCDTYRs/t9h5JNUnPmUqvFrWwC/yY25XpzSVRx
rhniDTl2vp5fcX47U4s7sSDf+UcAc0EdbRLMnTxJIR8NhamAFhbsJzMi8wHbSgwE
yTaGIr+/PZda8ZWwfdfpo954ZB/hWFXKjaS3WvKAMhBsHkoOwuF3PsJdSUGz5BGd
Ow4II3ws/Yh9C+C8vODqejjGoC7LJREUlEjs/0Sfcehqz+nUO9Cb8T2myckY8zvg
UxRKergTKCK1NssGDobwoo/u5KSvrSaD5NHTQ4L8yiTi9IoitFIctA63Ak0gZVRv
bGZLIZ36qfsi7ru58eWeuJnRaaKrHIcgjccyDYOX63Gbf3ZMZ+cI/AGgRLW/KwQJ
skMCPJxlL+hoHLd17jVYlLBeoGSyW04raICMGpYC7aRbX9VHgQjPc5PhKr4va5qD
yw5CEDpoW5/IyZ6XN4AT
=9ynq


SHA256 of torbrowser-install-7.0.11_en-US.exe
A033EB9B9ED2AD389169B36A90946A8AF8F05BD0C7BBD3E37678041331096624

Child Tickets

Attachments (1)

SHA256.png (4.7 KB) - added by Epic 2 years ago.
SHA256

Download all attachments as: .zip

Change History (5)

Changed 2 years ago by Epic

Attachment: SHA256.png added

SHA256

comment:1 Changed 2 years ago by Dbryrtfbcbhgf

The fingerprint I have for the Tor Browser developers is

EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290

Last edited 2 years ago by Dbryrtfbcbhgf (previous) (diff)

comment:2 Changed 2 years ago by cypherpunks

SHA256(torbrowser-install-7.0.11_en-US.exe)= a033eb9b9ed2ad389169b36a90946a8af8f05bd0c7bbd3e37678041331096624
gpg: Signature made Fri 08 Dec 2017 10:02:32 AM UTC using RSA key ID C3C07136
gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
     Subkey fingerprint: A430 0A6B C93C 0877 A445  1486 D148 3FA6 C3C0 7136

comment:3 Changed 2 years ago by Epic

Thanks for the help

I check the sign via the command prompt and it is good. For some reason Kleopatra v2.2.0 cannot verify against a sub key. And the latest version doesn't even work. Give a error message An error occurred: Kleopatra: assertion "prot != UnknownProtocol"

comment:4 Changed 2 years ago by gk

Component: - Select a componentApplications/Tor Browser
Owner: set to tbb-team
Resolution: worksforme
Status: newclosed
Note: See TracTickets for help on using tickets.