Hi everybody,
new to this forum. I tried to check the signature for TorBrowser-12.0.2-macos_ALL.dmg
gpg --list-signatures torbrowser@torproject.org
pub rsa4096 2014-12-15 [C] [expires: 2025-07-21]
EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org>
sig 3 4E2C6E8793298290 2020-07-22 Tor Browser Developers (signing key) <torbrowser@torproject.org>
sub rsa4096 2021-09-17 [S] [expires: 2023-09-17]
sig 4E2C6E8793298290 2021-09-17 Tor Browser Developers (signing key) <torbrowser@torproject.org>
I exported the key with to my ~ /Downloads where also are residing TorBrowser-12.0.2-macos_ALL.dmg
and TorBrowser-12.0.2-macos_ALL.dmg.asc
:
gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290
But I get a “bad signature” with:
gpgv --keyring ./tor.keyring ./TorBrowser-12.0.2-macos_ALL.dmg.asc ./TorBrowser-12.0.2-macos_ALL.dmg
gpgv: Signature made Thu 19 Jan 14:44:41 2023 CET
gpgv: using RSA key E53D989A9E2D47BF
gpgv: BAD signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>"
I am not very familiar with gnupg. Did I made something wrong?
Best greetings to all
marek