#27682 closed defect (duplicate)

Verifying signatures on Android

Reported by: towiw3 Owned by: towiw3
Priority: Medium Milestone:
Component: Community/Tor Support Version:
Severity: Normal Keywords: tbb-mobile
Cc: ggus Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Currently documentation for verifying signatures doesn't have steps for verifying signatures on Android. We can verify signatures using Termux app available on F-Droid and Play store. We can basically follow the steps for Linux after installing Termux.

Child Tickets

Change History (4)

comment:1 Changed 15 months ago by towiw3

This can potentially be used to identify Tor Browser for Android users. gnupg is not installed by default in Termux so it needs to be downloaded from Termux repository. Termux uses Cloudflare, too. It is better to use Orbot for downloading gnupg. Orbot VPN can be used to proxy Termux traffic through Tor. Orbot VPN must be used before opening Termux after installing it (of course this doesn't apply when Termux is already in use for a long time). This is not a problem when TBA is installed from Google play store; you are already identified as a TBA user and you don't verify signature if you installed TBA from Google play store.

In Termux, wget doesn't support https links, it only supports http. But curl works so we can use it for downloading the .asc file. I think it would be helpful to include how to download the .asc file in the steps.

comment:2 Changed 13 months ago by emmapeel

Owner: changed from hiro to towiw3
Status: newassigned

towiw3 can you please provide a patch, or write here the paragraph as you would like to see?

comment:3 Changed 13 months ago by emmapeel

Component: Webpages/SupportCommunity/Tor Support

comment:4 Changed 13 months ago by traumschule

Resolution: duplicate
Status: assignedclosed

This is a duplicate of #27514. Will quote comment:1 there.

Note: See TracTickets for help on using tickets.