[Whonix-devel] #31090 [Webpages]: stop using gpg keyservers / provide OpenPGP keys for download as files from torproject.org
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 18 14:13:15 CET 2019
#31090: stop using gpg keyservers / provide OpenPGP keys for download as files from
torproject.org
-----------------------+--------------------------
Reporter: adrelanos | Owner: (none)
Type: defect | Status: reopened
Priority: Medium | Milestone:
Component: Webpages | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------+--------------------------
Changes (by adrelanos):
* status: closed => reopened
* resolution: duplicate =>
Comment:
I don't think this is a duplicate and I don't think this was solved. The
reasons to no longer using keyservers are still valid.
I've downloaded Tor. Not Tor Browser.
* https://dist.torproject.org/tor-0.4.2.5.tar.gz
* https://dist.torproject.org/tor-0.4.2.5.tar.gz.asc
For that I need Nick's signing key
{{{7A02B3521DC75C542BA015456AFEE6D49E92B601}}}.
https://support.torproject.org/tbb/how-to-verify-signature/ explains how
to do that for Tor Browser, uses {{{curl -s
https://openpgpkey.torproject.org/.well-
known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf |gpg
--import -}}} but I wouldn't know how to use that to get Tor signing key /
acquire Nick's key.
Currently it is documented nowhere how to acquire Nick's key. Therefore
reopening.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31090#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the Whonix-devel
mailing list