I just went through this. You have to import Erin's key into your certificate handler (Kleopatra or whatever), and then verify the browser .gz.asc file against that. HTH eliaz
On 2/20/2012 11:55 AM, James Brown wrote: > Hello, friends! > > I have got a new TBB file > tor-browser-gnu-linux-x86_64-2.2.35-7.2-dev-en-US.tar.gz for the site of > the Torproject and have tried to verify it. > I have had the next result: > $ gpg --verify > tor-browser-gnu-linux-x86_64-2.2.35-7.2-dev-en-US.tar.gz.asc > tor-browser-gnu-linux-x86_64-2.2.35-7.2-dev-en-US.tar.gz > gpg: Signature made Mon Feb 20 12:45:15 2012 UTC using RSA key ID 140C961B > gpg: Can't check signature: public key not found > > As I can the the previous version was signed by Erinn Clark: > gpg --verify tor-browser-gnu-linux-x86_64-2.2.35-7-dev-en-US.tar.gz.asc > tor-browser-gnu-linux-x86_64-2.2.35-7-dev-en-US.tar.gz > gpg: Signature made Sat Feb 18 19:53:24 2012 UTC using RSA key ID 63FEE659 > gpg: Good signature from "Erinn Clark <er...@torproject.org>" > gpg: aka "Erinn Clark <er...@debian.org>" > gpg: aka "Erinn Clark <er...@double-helix.org>" > > > Is the sign of tor-browser-gnu-linux-x86_64-2.2.35-7.2-dev-en-US.tar.gz > right sing? > _______________________________________________ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk