[tor-talk] Expired key for deb.torproject.org?
Roman Mamedov
rm at romanrm.net
Fri Nov 27 07:51:32 UTC 2020
On Wed, 25 Nov 2020 07:54:39 +0100
Jonathan Marquardt <mail at parckwart.de> wrote:
> I am using the Debian Tor repo on quite a few Debian machines and since a few
> days now, none of these machines are able to use the repo.
>
> "apt update" gives me:
>
> Err:6 tor+http://sdscoq7snqtznauu.onion/torproject.org buster InRelease
> The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
>
> Why does it say that the key has expired?
>
> $ gpg -k 74A941BA219EC810
> pub rsa2048/EE8CBC9E886DDD89 2009-09-04 [SC] [expires: 2022-08-05]
> A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
> uid [ full ] deb.torproject.org archive signing key
>
> The key is valid until 2022 and I already made sure that APT is using exactly
> that key by running "gpg --export 74A941BA219EC810 | sudo apt-key add -".
>
> Can someone tell me what's going on?
I had the same a few days ago, and solved it with instructions from
https://2019.www.torproject.org/docs/debian.html.en
Try that, specifically it says to use a different fingerprint for gpg --export
than you do, not sure if it matters.
--
With respect,
Roman
More information about the tor-talk
mailing list