torbrowser signature verification fails - a glitch or an "attack"?

It's not an attack, just an outdated key.

There's an issue report on this matter over at the GitHub repository.

A workaround reported there, which works for some systems if not all, is to run:

gpg --homedir "$HOME/.local/share/torbrowser/gnupg_homedir/" --refresh-keys --keyserver pgp.mit.edu

before torbrowser-launcher. Then it works. It's quite possible that what Kusalananda suggested would also work, but I can't check that unless I undo the key update.


When I download the signature and the compressed archive, fetch the key from a keyserver, and verify the signature:

$ gpg2 --recv-key D1483FA6C3C07136
gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <[email protected]>" imported
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: Total number processed: 1
gpg:               imported: 1

$ gpg2 --verify tor-browser-linux64-6.5_en-US.tar.xz.asc
gpg: assuming signed data in 'tor-browser-linux64-6.5_en-US.tar.xz'
gpg: Signature made Tue Jan 24 15:42:49 2017 CET
gpg:                using RSA key D1483FA6C3C07136
gpg: Good signature from "Tor Browser Developers (signing key) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
     Subkey fingerprint: A430 0A6B C93C 0877 A445  1486 D148 3FA6 C3C0 7136

So, the signature is good. I suggest that you try again, or investigate if this is the same issue as reported in the Tor Browser issue tracker (issue 263).

How did I know what key to verify with?

I first ran the verification without fetching any key and got:

gpg: assuming signed data in 'tor-browser-linux64-6.5_en-US.tar.xz'
gpg: Signature made Tue Jan 24 15:42:49 2017 CET
gpg:                using RSA key D1483FA6C3C07136
gpg: Can't check signature: No public key

Then I checked D1483FA6C3C07136 against the key IDs listed on the Tor project's site and found that it was indeed the correct key: https://www.torproject.org/docs/signing-keys.html.en

This is, I believe, as close as I can get to knowing that the archive wasn't tampered with without meeting the developers face to face and having them personally hand me a USB stick with the software.
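The answer above settles the question by comparing the 64-bit key ID from the "No public key" line against the list on the Tor site. The check a practitioner would actually script is one step stricter: pin the full primary-key fingerprint that gpg prints (the EF6E 286D ... 9329 8290 line) and accept a download only when gpg's machine-readable status output reports a VALIDSIG under that key. "Good signature" on its own only says that some key in the keyring verifies the file, which is exactly the [unknown]-trust situation shown above. The following is an added example, not code from either answer or from the Tor project; verify_archive assumes gpg is installed and the key has already been fetched, the status lines are constructed samples of what `gpg --status-fd 1` prints, and the all-ones fingerprint is a hypothetical placeholder for "some other key in the keyring".

```shell
#!/bin/sh
# Added example (not code from the original answers): accept a Tor Browser
# archive only when gpg reports a valid signature whose *primary key
# fingerprint* matches the one pinned here. The fingerprint is the one printed
# in the answer above; the status lines further down are constructed samples.

# Primary key fingerprint from the answer, spaces removed.
PINNED_FPR='EF6E286DDA85EA2A4BA7DE684E2C6E8793298290'

# check_validsig: read `gpg --status-fd 1` output on stdin and exit 0 only if
# a VALIDSIG line names the pinned primary key. GOODSIG alone means "some key
# in my keyring verifies this"; pinning the fingerprint is what closes the gap.
check_validsig() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            # $3 is the fingerprint of the (sub)key that made the signature,
            # $12 the primary key fingerprint (gpg prints it when present).
            if ($12 == want || ($12 == "" && $3 == want)) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# verify_archive: the real check. Assumes gpg is installed and the key has
# already been fetched (--recv-key as in the answer). Usage:
#   verify_archive tor-browser-linux64-6.5_en-US.tar.xz
verify_archive() {
    gpg --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null |
        check_validsig "$PINNED_FPR"
}

# classify_status: run check_validsig over a status text passed as an
# argument and print accept or reject.
classify_status() {
    if printf '%s\n' "$1" | check_validsig "$PINNED_FPR"; then
        echo accept
    else
        echo reject
    fi
}

# Constructed sample status output for the signature shown in the answer
# (subkey D1483FA6C3C07136 under primary 4E2C6E8793298290).
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG D1483FA6C3C07136 Tor Browser Developers (signing key)
[GNUPG:] VALIDSIG A4300A6BC93C0877A4451486D1483FA6C3C07136 2017-01-24 1485268969 0 4 0 1 10 00 EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Constructed: a signature that verifies, but under a different key that
# happens to be in the keyring (hypothetical all-ones fingerprint). gpg would
# still print "Good signature"; the pinned check must reject it.
WRONG_KEY_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1111111111111111 Somebody Else
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2017-01-24 1485268969 0 4 0 1 10 00 1111111111111111111111111111111111111111
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Constructed: the "Can't check signature: No public key" case from the answer.
NO_KEY_STATUS='[GNUPG:] NEWSIG
[GNUPG:] ERRSIG D1483FA6C3C07136 1 10 00 1485268969 9 A4300A6BC93C0877A4451486D1483FA6C3C07136
[GNUPG:] NO_PUBKEY D1483FA6C3C07136'

for s in "$GOOD_STATUS" "$WRONG_KEY_STATUS" "$NO_KEY_STATUS"; do
    classify_status "$s"
done
```

Only the first sample is accepted; the other two are rejected even though the second would print "Good signature" in gpg's human-readable output. The --status-fd lines are the stable interface for scripting; the human-readable text (and its language) changes between gpg versions and locales, so never grep for "Good signature".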