[tor-relays] Tor download signatures

Tora Tora Tora tor at allthatnet.com
Fri Mar 28 04:44:03 UTC 2014

OK, perhaps I have missed "the how" and "which" somewhere, but which
signature am I supposed to verify the new Tor tarball against? I
tried the ones mentioned on Tor signing page and none seem to stick. A
typical message is:

# gpg --verify tor-{.asc,}

gpg: Signature made Sun 23 Mar 2014 02:40:49 AM UTC using RSA key ID
gpg: Good signature from "Nick Mathewson <nickm at alum.mit.edu>"
gpg:                 aka "Nick Mathewson <nickm at wangafu.net>"
gpg:                 aka "Nick Mathewson <nickm at freehaven.net>"
gpg:                 aka "[jpeg image of size 3369]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
Primary key fingerprint: B35B F85B F194 89D0 4E28  C33C 2119 4EBB 1657 33EA
     Subkey fingerprint: EF00 F369 1387 FCC5 8CD6  8E13 9103 97D8 8D29 319A

More information about the tor-relays mailing list