Have trouble verifying TOR

so i followed the instructions: i donwloded TOR AND GPG4win
I have download the SIG file.
when im entering GPA to import the keys he saids “we found no keys”

so…what am i doing wrong?
am i using a Tempered version of TOR?
how do i fix it?

Because GPG4Win, I am assuming you use Windows OS, which is a Privacy Nightmare so Why even bother using tor or GPG?

Maybe you should start hadening your Operating System. Just a thought.

If by hadening you mean tight up the secuirity i do have a pretty good internet ssecuirity software (not the built in Windows one) if you mean changing the operating system. i wanted to change to Ubuntu (Lubunto)
but i got really caught up i didn’t had time to try it out not to mention learn how to Dual bots (becuse i still uses some softwares for work that dont work on anything else)

Also from recent reviews i had on Ubunto im not really sure is great choice privacywize anymore.

so i might need to look for alternatives Distros of linux

Yes Tale, I was thinking about not using windows, Ubuntu either, but there are plenty of flavors you may want to try.

Just out of curiosity what software you need that keeps you tied to windows?
I have been working professionaly in GNU/Linux Systems without the need of Ws

Adobe Clouds softwares
while i know you can find alternatives to them.
none of them are really industry standard so its can couse problems

but i do intrested in my minimize my use of windows as much as possible

and if we already speaking of replacing windows and not using ubunto.

any suggestion for easy on beginners performance light (dont care how ugly it looks)
and trustworhy distro for linux?

I wonder if it’s related to SKS Keyserver Network Under Attack and either GPG gets a tainted key or if it’s using keys.openpgp.net, Tor Browser hasn’t released their keys there.

You aren’t telling what exactly you have done.

It’s too early to say.

I guess you have read https://support.torproject.org/tbb/how-to-verify-signature/ and that the command you ran was gpg.exe --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org ?

My only idea is trying gpg.exe --fetch-keys https://ipfs.privacytools.io/ipfs/QmeHtYQ3nkbVByzVUxZjX1rRyPNmfTxAS712doHaPqdjAi instead, it’s the IPFS hash for the Tor Browser signing key that I see.

Please then continue reading the instructions at https://support.torproject.org/tbb/how-to-verify-signature/ especially the command to confirm that the fingerprint is correct! I feel uncomfortable taking the responsibility of shipping the key.

After you have validated your Tor Browser, I hope you will report to Tor that their instructions have a problem resulting to your error “we found no keys”.

1 Like