Opened 2 years ago

Closed 2 years ago

#27682 closed defect (duplicate)

Verifying signatures on Android

Reported by: towiw3 Owned by: towiw3
Priority: Medium Milestone:
Component: Community/Tor Support Version:
Severity: Normal Keywords: tbb-mobile
Cc: ggus Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Currently documentation for verifying signatures doesn't have steps for verifying signatures on Android. We can verify signatures using Termux app available on F-Droid and Play store. We can basically follow the steps for Linux after installing Termux.

Child Tickets

Change History (4)

comment:1 Changed 2 years ago by towiw3

This can potentially be used to identify Tor Browser for Android users. gnupg is not installed by default in Termux so it needs to be downloaded from Termux repository. Termux uses Cloudflare, too. It is better to use Orbot for downloading gnupg. Orbot VPN can be used to proxy Termux traffic through Tor. Orbot VPN must be used before opening Termux after installing it (of course this doesn't apply when Termux is already in use for a long time). This is not a problem when TBA is installed from Google play store; you are already identified as a TBA user and you don't verify signature if you installed TBA from Google play store.

In Termux, wget doesn't support https links, it only supports http. But curl works so we can use it for downloading the .asc file. I think it would be helpful to include how to download the .asc file in the steps.

comment:2 Changed 2 years ago by emmapeel

Owner: changed from hiro to towiw3
Status: newassigned

towiw3 can you please provide a patch, or write here the paragraph as you would like to see?

comment:3 Changed 2 years ago by emmapeel

Component: Webpages/SupportCommunity/Tor Support

comment:4 Changed 2 years ago by traumschule

Resolution: duplicate
Status: assignedclosed

This is a duplicate of #27514. Will quote comment:1 there.

Note: See TracTickets for help on using tickets.