[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

tb-updater - GPG download signature could NOT be verified. - This key expired.

ok, i did the commands you suggested me, but still getting the error while updating

INFO: Auto detecting ARCH…
INFO: ARCH x86_64 detected.
INFO: Auto detecting ARCH_DOWNLOAD…
INFO: ARCH_DOWNLOAD linux64 detected.
[INFO] [torbrowser-downloader] INFO: CURL_PROXY: --proxy socks5h://tb-updater_fa220be3-7b52-4f3c-9575-3c802d81587b:password@10.152.152.10:9115
[INFO] [torbrowser-downloader] INFO: tbb_version_previous_downloaded_version: 9.0.9
[INFO] [torbrowser-downloader] INFO: stdin connected to terminal, setting TB_INPUT to stdin, will use terminal for input, ok.
[INFO] [torbrowser-downloader] INFO: Alternatively, if want to run from command line, but still use the graphical user interface for input, you could add to command line: --input gui
INFO: not running inside Qubes DVM Template, ok.
INFO: tbb_download_alpha_version: false
INFO: Running Tor enabled check… Done.
INFO: Running Tor bootstrap check… Done.
INFO: Running connectivity check…
INFO: CURL_OUT_FILE: /home/user/.cache/tb/temp/tbb_remote_folder
INFO: Connectivity check succeeded.
INFO: Find out latest version… Downloading: https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions
INFO: CURL_OUT_FILE: /home/user/.cache/tb/RecommendedTBBVersions
INFO: Done, downloaded https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions.
INFO: tbb_download_alpha_version: false
INFO: Lowest online version might be: 9.5
INFO: Currently installed version: None installed. (Folder /home/user/.tb/tor-browser does not exist.)
Only versions still considered secure should be listed here. Higher version numbers does not necessarily mean more secure here. Could be alpha or beta versions. In most cases you are best off choosing the lowest version number among them.
Learn more about this Download Confirmation Screen.
https://www.whonix.org/wiki/Tor_Browser/Download_Confirmation_Screen
QUESTION: Download now?
n/9.5/9.5.1/9.5.3/10.0a1/10.0a2/10.0a4/10.0a5?
9.5.3
INFO: Version 9.5.3 chosen.
INFO: Tor Browser language variable TB_LANG was not yet set. Therefore defaulting TB_LANG to ‘en-US’, ok.
INFO: Because you are not using --nokilltb, now killing eventually still running instances of Tor Browser…
firefox: no process found
INFO: Downloading GPG signature… Will take a moment…
INFO: Downloading:
https://dist.torproject.org/torbrowser/9.5.3/sha256sums-unsigned-build.txt.asc … Will take a moment…
INFO: CURL_OUT_FILE: /home/user/.cache/tb/files/sha256sums-unsigned-build.txt.asc
INFO: Done, downloaded https://dist.torproject.org/torbrowser/9.5.3/sha256sums-unsigned-build.txt.asc.
INFO: Downloading sha256sums file… Will take a moment…
INFO: Downloading:
https://dist.torproject.org/torbrowser/9.5.3/sha256sums-unsigned-build.txt … Will take a moment…
INFO: CURL_OUT_FILE: /home/user/.cache/tb/files/sha256sums-unsigned-build.txt
INFO: Done, downloaded https://dist.torproject.org/torbrowser/9.5.3/sha256sums-unsigned-build.txt.
INFO: Downloading Tor Browser Bundle: 9.5.3
INFO: Downloading:
https://dist.torproject.org/torbrowser/9.5.3/tor-browser-linux64-9.5.3_en-US.tar.xz … Will take a while…
INFO: CURL_OUT_FILE: /home/user/.cache/tb/files/tor-browser-linux64-9.5.3_en-US.tar.xz
INFO: Done, downloaded https://dist.torproject.org/torbrowser/9.5.3/tor-browser-linux64-9.5.3_en-US.tar.xz.
INFO: GPG signature verification… This will take a moment…
gpg: WARNING: no command supplied. Trying to guess what you mean …
GPG download signature could NOT be verified.
Tor Browser update failed! Try again later.

gpg_bash_lib_output_alright_status: false
gpg_bash_lib_output_failure:

gpg_bash_lib_output_diagnostic_message:

gpg_bash_lib_internal_gpg_verify_status_fd_file: /home/user/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_status_fd_file
gpg_bash_lib_internal_gpg_verify_output_file: /home/user/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_output_file
gpg_bash_lib_output_gpg_import_output:
gpg: keybox ‘/home/user/.cache/tb/gpgtmpdir/pubring.kbx’ created
gpg: key 4E2C6E8793298290: 1 duplicate signature removed
gpg: key 4E2C6E8793298290: 236 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 1 signature reordered
gpg: /home/user/.cache/tb/gpgtmpdir/trustdb.gpg: trustdb created
gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) " imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
gpg_bash_lib_output_gpg_verify_output:
gpg: Signature made Fri 24 Jul 2020 04:16:54 PM UTC
gpg: using RSA key EB774491D9FF06E2
gpg: Good signature from "Tor Browser Developers (signing key) " [expired]
gpg: Note: This key has expired!
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2
gpg_bash_lib_output_gpg_verify_status_fd_output:
[GNUPG:] NEWSIG
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1503660203
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1503660390
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1535109984
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] KEYEXPIRED 1599945844
[GNUPG:] SIG_ID Tmkg474j7SZzfKGjdcJp7+u1gzQ 2020-07-24 1595607414
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1503660203
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1503660390
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1535109984
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] EXPKEYSIG EB774491D9FF06E2 Tor Browser Developers (signing key)
[GNUPG:] VALIDSIG 110775B5D101FB36BC6C911BEB774491D9FF06E2 2020-07-24 1595607414 0 4 0 1 10 00 EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1503660203
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1503660390
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1535109984
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

Confirmed. Fixed just now in all Whonix repositories. Should be fixed.

  1. upgrade as per usual as per:
  1. update-torbrowser should now be functional as per usual.

(Technical background: OpenPGP key tbb-team.asc was outdated. The signing key was expired. Upstream extended the key but it wasn’t updated on in the tb-updater package yet. Now fixed. No danger/harm except this usability issue.)

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]