commit 1acf560c17e15f6144c57d1e75e9567e7a4e03ff Author: Georg Koppen <gk@torproject.org> Date: Fri Mar 27 14:04:54 2015 +0000 Bug 15253: Add Tor Browser subkey fingerprints --- docs/en/verifying-signatures.wml | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/docs/en/verifying-signatures.wml b/docs/en/verifying-signatures.wml index ef916b4..89522d4 100644 --- a/docs/en/verifying-signatures.wml +++ b/docs/en/verifying-signatures.wml @@ -92,8 +92,12 @@ gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. - Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 - </pre> + Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290</pre> + <p>Currently valid subkey fingerprints are: + <pre> + 5242 013F 02AF C851 B1C7 36B8 7017 ADCE F65C 2036 + BA1E E421 BBB4 5263 180E 1FC7 2E1A C68E D408 14E0 + 05FA 4425 3F6C 19A8 B7F5 18D4 2D00 0988 5898 39A3</pre></p> <p> Notice that there is a warning because you haven't assigned a trust index to this person. This means that GnuPG verified that the key made @@ -143,16 +147,18 @@ <strong>For Linux users</strong> (change 32 to 64 if you have the 64-bit package):<br /> <pre>gpg --verify ~/Desktop/tor-browser-linux32-<version-torbrowserbundlelinux32>_en-US.tar.xz{.asc*,}</pre> - <p>The output should say "Good signature": </p> + <p>The output should say "Good signature":</p> <pre> gpg: Signature made Tue 24 Jan 2015 09:29:09 AM CET using RSA key ID D40814E0 gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. - Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 - </pre> - + Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290</pre> <p> Currently valid subkey fingerprints are: + <pre> + 5242 013F 02AF C851 B1C7 36B8 7017 ADCE F65C 2036 + BA1E E421 BBB4 5263 180E 1FC7 2E1A C68E D408 14E0 + 05FA 4425 3F6C 19A8 B7F5 18D4 2D00 0988 5898 39A3</pre></p> <p> Notice that there is a warning because you haven't assigned a trust index to this person. This means that GnuPG verified that the key made @@ -160,7 +166,7 @@ to the developer. The best method is to meet the developer in person and exchange key fingerprints. </p> - + <p> If you're a Linux user and you're using the <b>Debian</b> Tor (not Tor Browser) packages, you should read the instructions on <a