Tor signature verification fails always

[nirvinm]

Tried installing Tor Browser Launcher via GNOME Software and DNF package manager on Fedora. Tor Launcher is getting installed successfully. However I'm not able to download Tor. Everytime I open Tor, installation fails saying "SIGNATURE VERIFICATION FAILED".
Tried all mirrors.

[ge-fa]

Which version of torbrowser-launcher are you using?

[nirvinm]

Version : 0.2.6
Release : 1.fc25
OS: Fedora 25

[HighCommander4]

I'm seeing this as well, with version 0.1.9 on Debian stable.

[ge-fa]

@HighCommander4 The Debian bug is reported here. Here is a workaround working on Debian based systems:

Run the following in your terminal, this is one line:
gpg --homedir "$HOME/.local/share/torbrowser/gnupg_homedir/" --refresh-keys --keyserver pgp.mit.edu

@nirvinm Not sure if this works on Fedora as well - maybe test this.

[ge-fa]

See #260 as well.

[fabianHAW]

same problem here. but i can't retrieve the keys:

$ gpg --homedir "$HOME/.local/share/torbrowser/gnupg_homedir/" --refresh-keys --keyserver pgp.mit.edu

gpg: refreshing 2 keys from hkp://pgp.mit.edu
gpg: requesting key 63FEE659 from hkp server pgp.mit.edu
gpg: requesting key 93298290 from hkp server pgp.mit.edu
gpgkeys: key 8738A680B84B3031A630F2DB416F061063FEE659 can't be retrieved
gpgkeys: key EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

any suggestions?

[eyalroz]

Seeing this on Linux Mint 18.1 64bit (v0.2.4, trying to d/l browser version 6.5). Using the refresh-keys workaround resolves the problem.

[nirvinm]

@ge-fa Thanks :)
gpg --homedir "$HOME/.local/share/torbrowser/gnupg_homedir/" --refresh-keys --keyserver pgp.mit.edu
This fixed the issue in Fedora 25.

[SirArthurII]

@fabianHAW
Had the same problem
Debian Jessie 8.7
I am a rookie.

Had problems connecting to Tor since I installed Apparmor.
$sudo service apparmor teardown
was a temporary solution until I figure out how to configure Tor profile in AA.
Afaik this problem only exists in Debian.

But update did not work because i could not retreive the keys, like you.
Teardown was not sufficient for keys - I had to stop AA being loaded at boot.

Disabling Apparmor this way let me retrieve the keys and install Tor 6.5 eventually.

But I really don't know, if this is save or what.
Now time to config Apparmor properly.

[fabianHAW]

after some days trying, this workaround worked for me too :) maybe the server (pgp.mit.edu) had some problems. thanks for helping!!

[micahflee]

This is a duplicate of #260, which is fixed in the latest version of torbrowser-launcher.

[rolfschr]

Hi Micah,

Not sure this is the right place to post & I surely don't want to sound too demanding: Do you mind updating the non-Trusty ppa packages to 0.2.7?

Thanks for providing the torbrowser-launcher!

[CoolSpot]

If pgp.mit.edu is down, one could use
gpg --homedir "$HOME/.local/share/torbrowser/gnupg_homedir/" --refresh-keys --keyserver pool.sks-keyservers.net

[Customs-N-Randomness]

I'm having this exact same issue on UbuntuMATE 16.04 LTS. Downloaded from Software Boutique. No idea what the version is.

[anastiel]

thanks so much running in parrotSec