mutante 2017-02-02 13:45:43
implijer_: the fix for the signature issue is likely that you download the right (new) PGP key
implijer_ 2017-02-02 13:46:14
mutante, I thought using torproject's keyring would do that
implijer_ 2017-02-02 13:46:16
it didn't :/
mutante 2017-02-02 13:47:14
implijer_: does it tell you a key ID that is missing?
somiaj 2017-02-02 13:47:25
the keyring is probably for the repo they provide, not for the actual browser key
mutante 2017-02-02 13:48:01
public key is not available: NO_PUBKEY ... ?
mutante 2017-02-02 13:48:16
does it have that followed by a cryptic string?
implijer_ 2017-02-02 14:06:16
mutante: nah juste "SIGNATURE FAILED" in the torbrowser-launcher
mutante 2017-02-02 14:09:42
implijer_: gpg --search-keys D40814E0
mutante 2017-02-02 14:09:50
gpg --search-keys D40814E0
mutante 2017-02-02 14:09:54
) Tor Browser Developers (signing key)
mutante 2017-02-02 14:10:16
that should find it, i hope it's still the right one
implijer_ 2017-02-02 14:10:27
"key not found"
implijer_ 2017-02-02 14:11:02
it may be normal, on keyring.debian.org ?
mutante 2017-02-02 14:11:22
try using the keyserver keys.gnupg.net
mad_hatter 2017-02-02 14:11:47
hey folks...for some reason every time I boot into gnome shell...my network-manager fails to connect to my wifi...after a long attempt at trying it it pops up a message 'activation of network connection failed' is there anyway I can troubleshoot this?
implijer_ 2017-02-02 14:13:23
mutante, nah same thing (gpg --search-keys D40814E0 --keyserver keys.gnupg.net)
somiaj 2017-02-02 14:13:26
mad_hatter: you can check dmesg for hardware related messages
implijer_ 2017-02-02 14:14:15
mutante, my bad
implijer_ 2017-02-02 14:14:19
argument in bad order
mutante 2017-02-02 14:14:59
implijer_: ah:) i was still checking myself. did it import a key? did it fix the issue?
mad_hatter 2017-02-02 14:15:05
wlan0 associating with AP with corrupt probe response
implijer_ 2017-02-02 14:15:13
it as imported the key
implijer_ 2017-02-02 14:15:34
I'm trying to download torbrowser again (torbrowser-laucnher start from scratch everytime :()
mad_hatter 2017-02-02 14:16:05
somiaj, it says it's associated but I still have no internet
implijer_ 2017-02-02 14:16:30
mutante, where did you found the D40814E0 bit ?
implijer_ 2017-02-02 14:20:31
mutante, "signature verification failed", still :x
somiaj 2017-02-02 14:22:54
mad_hatter: assoicated may not mean you have actually obtained an ip for the network
mad_hatter 2017-02-02 14:23:13
well...it's working...but verrrrryyyy slowly
somiaj 2017-02-02 14:23:23
mad_hatter: that corrupt probe response sounds strange...
mad_hatter 2017-02-02 14:23:34
this is unusual because it was working just fine not long ago
mad_hatter 2017-02-02 14:23:52
I did a hostname change and thought that might be it...but changed it back and still the same
implijer_ 2017-02-02 14:24:00
mutante the actual signature of the package is C3C07136
mad_hatter 2017-02-02 14:24:20
also did a nm-applet and it says 'faildd to connect to proxy server'
mutante 2017-02-02 14:24:27
implijer_: oh, i found that on https://github.com/micahflee/torbrowser-launcher/issues/164
mutante 2017-02-02 14:24:35
implijer_: seems you found the right one :)
implijer_ 2017-02-02 14:25:05
mutante, what you mean ? I should just import this one and hope it's not a bad key ? :o
mutante 2017-02-02 14:25:26
implijer_: define "bad"
mad_hatter 2017-02-02 14:25:45
somiaj: iwconfig on the wireless interface shows a 7.2Mb/s bit rate...which explains the super slow speed
mutante 2017-02-02 14:25:50
it was the Tor Browser dev key in 2015
implijer_ 2017-02-02 14:25:50
well, I could hijack a webserver and distribute my own copy signed with my own key
mutante 2017-02-02 14:25:56
guess they have a new one in 2017
implijer_ 2017-02-02 14:26:02
han
mutante 2017-02-02 14:26:24
so? your key would not work to verify the signature though
mutante 2017-02-02 14:26:36
if it gets verified you are fine, if not you are not worse than before
implijer_ 2017-02-02 14:26:39
I really need to have a clearer unerstanding of this all. Security without knowledge is sooo much flawed :p
mutante 2017-02-02 14:26:40
afaict
implijer_ 2017-02-02 14:27:11
ahm
mutante 2017-02-02 14:27:15
i dont see a risk in importing a key that wasnt used to sign this. you will only get the same "signature failed"
implijer_ 2017-02-02 14:27:31
but what would stop me from importing my key and put a ,ame like "tor browser team" to it ?
implijer_ 2017-02-02 14:27:41
I don't see how it could be stopped
mutante 2017-02-02 14:27:54
math
implijer_ 2017-02-02 14:28:05
mah
mutante 2017-02-02 14:28:16
your key might call itself whatever it wants but it would simply not work
implijer_ 2017-02-02 14:29:10
I already did signed packages with my own key. I did put wathever name 'n all I wanted. Checking if a key is valid does tell you if the key is legitimate. Right ?
implijer_ 2017-02-02 14:29:41
*doesn't
mutante 2017-02-02 14:29:41
implijer_: verifying a signature means you know this key was used to sign this package
implijer_ 2017-02-02 14:30:01
exacly
implijer_ 2017-02-02 14:30:27
but it does not tell you if it's a legitimate key
implijer_ 2017-02-02 14:30:40
just that this key signed the package
implijer_ 2017-02-02 14:31:32
anyway I see the substring I have is in the "valid subker fingerprint", guess I'll take this without further meddling :x
mutante 2017-02-02 14:31:36
implijer_: that part you would solve by looking who else signed that key
mutante 2017-02-02 14:31:42
"web of trust"
implijer_ 2017-02-02 14:31:57
mutante, I don't know how to do that :/
mutante 2017-02-02 14:32:01
if anyone you already trust signed that key, you would trust that key too
mutante 2017-02-02 14:32:32
import the key and gpg --list-sigs
mutante 2017-02-02 14:32:59
sub rsa4096 2014-12-15 [S] [expires: 2017-08-25]
mutante 2017-02-02 14:32:59
sig 4E2C6E8793298290 2015-08-26 Tor Browser Developers (signing key)
mutante 2017-02-02 14:33:09
that looks like the right one for 2017.. until August
mutante 2017-02-02 14:33:32
you can also search torproject.org for the key fingerprint
mutante 2017-02-02 14:33:41
to confirm that is the one they use
mutante 2017-02-02 14:34:01
this is why people often put GPG fingerprints on business cards
implijer_ 2017-02-02 14:37:45
mutante, unfortunately I'm not succeeding é_è
implijer_ 2017-02-02 14:37:56
he says he does not find the "public key"
implijer_ 2017-02-02 14:38:34
$ gpg --keyserver keys.gnupg.net --verify tor-browser-linux32-6.5_fr.tar.xz.asc tor-browser-linux32-6.5_fr.tar.xz
implijer_ 2017-02-02 14:38:34
gpg: Signature made Tue Jan 24 15:43:45 2017 CET using RSA key ID C3C07136
implijer_ 2017-02-02 14:38:34
gpg: Can't check signature: public key not found
mutante 2017-02-02 14:39:19
implijer_: gpg --keyserver keys.gnupg.net --recv-keys 4E2C6E8793298290
mutante 2017-02-02 14:39:43
do that first, importing the key
implijer_ 2017-02-02 14:40:04
awwshit
implijer_ 2017-02-02 14:40:11
I jumped the step
implijer_ 2017-02-02 14:42:54
mutante, debian should consider importing theses keys himself x)
implijer_ 2017-02-02 14:43:30
or is that a political/techical story ? x)
