[tor-commits] [webwml/master] docs/verifying-signatures: update TBB verification output

hiro at torproject.org hiro at torproject.org
Wed Aug 22 07:05:04 UTC 2018 

commit 50de7c65723eae5bfbeaa2d5d7575a53e5730aa1
Author: traumschule <traumschuleriebau at riseup.net>
Date:   Mon Aug 13 23:10:49 2018 +0200

    docs/verifying-signatures: update TBB verification output
    
    Note: This updates the output of gpg --verify once to reflect
    latest changes gpg. However we need an automated solution in
    the future to not confuse users with outdated timestamps.
---
 docs/en/verifying-signatures.wml | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/docs/en/verifying-signatures.wml b/docs/en/verifying-signatures.wml
index dc55b265..c3e5f3e5 100644
--- a/docs/en/verifying-signatures.wml
+++ b/docs/en/verifying-signatures.wml
@@ -122,16 +122,18 @@ sub   rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12]
     to download the ".asc" file as well. Assuming you downloaded the
     package and its signature to your Desktop, run:</p>
     <pre>"C:\Program Files\Gnu\GnuPg\gpg.exe" --verify \
-    C:\Users\Alice\Desktop\torbrowser-install-<version-torbrowserbundle>_en-US.exe.asc \
-    C:\Users\Alice\Desktop\torbrowser-install-<version-torbrowserbundle>_en-US.exe</pre>
+    C:\Users\Alice\Desktop\torbrowser-install-<version-torbrowserbundle>_en-US.exe.asc</pre>
     <p>Please substitute "Alice" with your own username.</p>
     <p>The output should say "Good signature": </p>
     <pre>
-    gpg: Signature made Tue 24 Jan 2015 09:29:09 AM CET using RSA key ID D40814E0
-    gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser at torproject.org>"
-    gpg: WARNING: This key is not certified with a trusted signature!
-    gpg:          There is no indication that the signature belongs to the owner.
-    Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290</pre>
+gpg: assuming signed data in 'torbrowser-install-<version-torbrowserbundle>_en-US.exe'
+gpg: Signature made Wed 15 Nov 2017 05:52:38 PM CET
+gpg:                using RSA key 0xD1483FA6C3C07136
+gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser at torproject.org>" [unknown]
+gpg: WARNING: This key is not certified with a trusted signature!
+gpg:          There is no indication that the signature belongs to the owner.
+Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
+     Subkey fingerprint: A430 0A6B C93C 0877 A445  1486 D148 3FA6 C3C0 7136
     <p>Currently valid subkey fingerprints are:
     <pre>
     5242 013F 02AF C851 B1C7  36B8 7017 ADCE F65C 2036
@@ -185,17 +187,21 @@ sub   rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12]
     <pre>gpg --verify ~/Downloads/TorBrowser-<version-torbrowserbundleosx64>-osx64_en-US.dmg{.asc*,}</pre>
 
     <strong>For Linux users</strong> (change 64 to 32 if you have the 32-bit package):<br />
-    <pre>gpg --verify tor-browser-linux64-<version-torbrowserbundlelinux64>_en-US.tar.xz.asc \
-    tor-browser-linux64-<version-torbrowserbundlelinux64>_en-US.tar.xz</pre>
+    <pre>gpg --verify tor-browser-linux64-<version-torbrowserbundlelinux64>_en-US.tar.xz.asc</pre>
 
     <p>The output should say "Good signature":</p>
 
     <pre>
-    gpg: Signature made Tue 24 Jan 2015 09:29:09 AM CET using RSA key ID D40814E0
-    gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser at torproject.org>"
-    gpg: WARNING: This key is not certified with a trusted signature!
-    gpg:          There is no indication that the signature belongs to the owner.
-    Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290</pre> <p> Currently valid subkey fingerprints are:
+gpg: assuming signed data in 'tor-browser-linux64-<version-torbrowserbundlelinux64>_en-US.tar.xz'
+gpg: Signature made Wed 15 Nov 2017 05:52:38 PM CET
+gpg:                using RSA key 0xD1483FA6C3C07136
+gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser at torproject.org>" [unknown]
+gpg: WARNING: This key is not certified with a trusted signature!
+gpg:          There is no indication that the signature belongs to the owner.
+Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
+     Subkey fingerprint: A430 0A6B C93C 0877 A445  1486 D148 3FA6 C3C0 7136
+    </pre>
+    <p> Currently valid subkey fingerprints are:
     <pre>
     5242 013F 02AF C851 B1C7  36B8 7017 ADCE F65C 2036
     BA1E E421 BBB4 5263 180E  1FC7 2E1A C68E D408 14E0

More information about the tor-commits mailing list