[tor-bugs] #27699 [Applications]: Release teams: please verify the website lists the correct key

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 26 17:20:26 UTC 2018 

#27699: Release teams: please verify the website lists the correct key
--------------------------+------------------------
 Reporter:  traumschule   |          Owner:  (none)
     Type:  task          |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Applications  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:  #22637        |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------

Comment (by traumschule):

 Replying to [comment:2 boklm]:
 > My key was wrong, so I fixed it with commit
 c14cc6e77333e8536574d4b09bfbbeb9996290a2.
 >
 > What was the source for the keys in `include/keys.txt`? The previous
 page was listing the correct key, so I'm wondering how the wrong key got
 added to `include/keys.txt`.

 gk's commit 2fa3225325efb70dbb181b598061be2f6379cf7d. I had replaced the
 short id with the long one.

 {{{
 $ git log docs/en/signing-keys.wml
 commit afb8219eaccb2cedb6d21e12ee84136b58133f5d
 Author: traumschule <traumschuleriebau at riseup.net>
 Date:   Sat Sep 1 04:46:15 2018 +0200

     signing-keys: generate fingerprints from script (#22637)

       To update docs/en/singing-keys.wmi execute the perl script
       docs/en/update_signing-keys.pl and commit include/keys.wmi

       Signing keys are stored in include/keys.txt

 commit 2fa3225325efb70dbb181b598061be2f6379cf7d
 Author: Georg Koppen <gk at torproject.org>
 Date:   Mon Jun 4 09:11:53 2018 +0000

     Bug 26044: Add new Tor Browser signing sub key

 $ git show 2fa3225325efb70dbb181b598061be2f6379cf7d
 commit 2fa3225325efb70dbb181b598061be2f6379cf7d
 Author: Georg Koppen <gk at torproject.org>
 Date:   Mon Jun 4 09:11:53 2018 +0000

     Bug 26044: Add new Tor Browser signing sub key

 diff --git a/docs/en/signing-keys.wml b/docs/en/signing-keys.wml
 index 4bd3e350..d08b4033 100644
 --- a/docs/en/signing-keys.wml
 +++ b/docs/en/signing-keys.wml
 @@ -14,7 +14,7 @@

      <p>The signing keys we use are:</p>
      <ul>
 -    <li>The Tor Browser Developers (0x93298290),
 +    <li>The Tor Browser Developers (0x4E2C6E8793298290),
      Mike Perry (0x0E3A92E4), Georg Koppen (0x4B7C3223),
      Nicolas Vigier (0xD0220E4B), Linus Nordberg (0x23291265)
      and Arthur Edelstein (0xD752F538C0D38C3A)
 @@ -130,9 +130,8 @@
      pub   4096R/0x4E2C6E8793298290 2014-12-15 [expires: 2020-08-24]
            Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329
 8290
      uid   Tor Browser Developers (signing key)
 <torbrowser at torproject.org>
 -    sub   4096R/0x2E1AC68ED40814E0 2014-12-15 [expires: 2017-08-25]
 -    sub   4096R/0x7017ADCEF65C2036 2014-12-15 [expires: 2017-08-25]
      sub   4096R/0xD1483FA6C3C07136 2016-08-24 [expires: 2018-08-24]
 +    sub   4096R/0xEB774491D9FF06E2 2018-05-26 [expires: 2020-09-12]

      pub   2048R/0x42E86A2A11F48D36 2011-05-11 [expires: 2017-05-09]
            Key fingerprint = B744 17ED DF22 AC9F 9E90  F491 42E8 6A2A 11F4
 8D36

 $ git show c14cc6e77333e8536574d4b09bfbbeb9996290a2
 commit c14cc6e77333e8536574d4b09bfbbeb9996290a2 (HEAD -> master,
 upstream/master)
 Author: Nicolas Vigier <boklm at torproject.org>
 Date:   Wed Sep 26 18:53:40 2018 +0200

     signing-keys: fix key for boklm

     Re-apply the changes for #25847 (previously done by commits
     c1074e32a8d216feae7 and 5462c6d64523557f4c83).

 diff --git a/include/keys.txt b/include/keys.txt
 index ea3cf4d4..826467a5 100644
 --- a/include/keys.txt
 +++ b/include/keys.txt
 @@ -2,7 +2,7 @@
  The Tor Browser Developers: 0x4E2C6E8793298290
  Mike Perry: 0x29846B3C683686CC
  Georg Koppen: 0xD1483FA6C3C07136
 -Nicolas Vigier: 0xE5B81856D0220E4B
 +Nicolas Vigier: 0x3E39CEABFC69F6F7

 $ gpg --list-key 0xD0220E4B
 pub   rsa4096 2014-03-19 [SC]
       4A90646C0BAED9D456AB3111E5B81856D0220E4B
 uid           [ unknown] Nicolas Vigier (TBB Builds Signing Key)
 <boklm at torproject.org>

 $ gpg --list-key 0xE5B81856D0220E4B
 pub   rsa4096 2014-03-19 [SC]
       4A90646C0BAED9D456AB3111E5B81856D0220E4B
 uid           [ unknown] Nicolas Vigier (TBB Builds Signing Key)
 <boklm at torproject.org>

 gpg --list-key 0x3E39CEABFC69F6F7
 pub   rsa4096 2015-09-24 [SC]
       6AB6AEE9776E782723C8ACE83E39CEABFC69F6F7
 uid           [ unknown] Nicolas Vigier (boklm) <boklm at torproject.org>
 uid           [ unknown] Nicolas Vigier (boklm) <boklm at mars-attacks.org>
 sub   rsa4096 2016-04-23 [A]
 sub   rsa4096 2017-01-25 [S] [expires: 2019-01-22]
 sub   rsa4096 2017-01-25 [E] [expires: 2019-01-22]
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27699#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list