[tor-bugs] #27682 [Webpages/Support]: Verifying signatures on Android

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 13 13:20:04 UTC 2018


#27682: Verifying signatures on Android
------------------------------+----------------------
 Reporter:  towiw3            |          Owner:  hiro
     Type:  defect            |         Status:  new
 Priority:  Medium            |      Milestone:
Component:  Webpages/Support  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:  tbb-mobile        |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+----------------------

Comment (by towiw3):

 This can potentially be used to identify Tor Browser for Android users.
 gnupg is not installed by default in Termux so it needs to be downloaded
 from Termux repository. Termux uses Cloudflare, too. It is better to use
 Orbot for downloading gnupg. Orbot VPN can be used to proxy Termux traffic
 through Tor. Orbot VPN must be used before opening Termux after installing
 it (of course this doesn't apply when Termux is already in use for a long
 time). This is not a problem when TBA is installed from Google play store;
 you are already identified as a TBA user and you don't verify signature if
 you installed TBA from Google play store.

 In Termux, `wget` doesn't support https links, it only supports http. But
 curl works so we can use it for downloading the .asc file. I think it
 would be helpful to include how to download the .asc file in the steps.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27682#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list