ARM64 Tor Browser Maintainer

HulaHoop · June 12, 2021, 7:16pm

Info for the trust section in the TBB documentation:

Heikki Lindholm

Builds will soon feature a dev signed sha256sum hash file of all builds for verification.

He’s also contributed in the past to gnunet, libmicrohttpd, jackaudio and Debian’s xorg package.

public key from: https://h-lindholm.net/pubkey

pub ed25519/6AF15D1E45FDCEC9 2021-06-06 [C] [expires: 2024-06-05]
Key fingerprint = 24F1 41A3 B988 B6C3 50B9 3758 6AF1 5D1E 45FD
CEC9
uid Heikki Lindholm holin@iki.fi
sub ed25519/5890EDB800F7C53D 2021-06-06 [S] [expires: 2022-06-06]
sub cv25519/645123E7AD3B24EF 2021-06-06 [E] [expires: 2024-06-05

Patrick · June 15, 2021, 5:12pm

3 posts were split to a new topic: ARM64 Tor Browser

Patrick · June 15, 2021, 5:26pm

Patrick · June 15, 2021, 7:53pm

Patrick · June 17, 2021, 3:22pm

Added:
Trusting Downloaded Images

Patrick · June 17, 2021, 3:48pm

This is already the case. Download and verification of Tor Browser works very similar in tb-updater for Intel / AMD64 builds (from The Tor Project (TPO)) as well as arm64 builds (Heikki Lindholm). Difference is the download location (TPO website vs Heikki Lindholm sourceforge) and the OpenPGP (gpg) singing key.

Patrick · July 4, 2022, 3:33pm

E-mail sent just now.

new gpg key fingerprint?

Hello Heikki,

tor-browser-linux-arm64-11.0.14_en-US.tar.xz.asc is signed with

gpg --verify tor-browser-linux-arm64-11.0.14_en-US.tar.xz.asc
gpg: assuming signed data in ‘tor-browser-linux-arm64-11.0.14_en-US.tar.xz’
gpg: Signature made Fri 10 Jun 2022 10:41:23 AM UTC
gpg: using EDDSA key 17646366EFF82DB13E5CCDB23A557859C963442B
gpg: Can’t check signature: No public key

But I couldn’t find the EDDSA key with fingerprint 17646366EFF82DB13E5CCDB23A557859C963442B or any key transition statement. Please advice.

Kind regards,
Patrick

Patrick · July 5, 2022, 3:14pm

Hello Patrick,

My signing keys will be valid for one year at a time. For .14 it was time for a new key, so, get the corresponding pubkey update at:

https://h-lindholm.net/pubkey

or the README.

To avoid any confusion, I haven’t uploaded my (new EDDSA) keys to any key server because there’s an older RSA key with the same e-mail which I thought to revoke but so far never got around to.

– hl

Patrick · July 5, 2022, 3:19pm

Patrick · July 24, 2023, 9:07pm

Whonix on Mac M1 (ARM) - User Support (still unsupported at time of writing) - #342 by maybephilipp reported outdated key.

Patrick · July 24, 2023, 9:08pm

Patrick · July 24, 2023, 9:17pm

The updated signing key is now in all Whonix 17 repositories.