SOLVED Tor-browser launcher problem - verifying signature fails

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
rdh61
Level 3
Level 3
Posts: 130
Joined: Sun Apr 26, 2009 1:06 pm

SOLVED Tor-browser launcher problem - verifying signature fails

Post by rdh61 »

Tor-browser launcher...

I open it and it attempts to download and install tor browser, but gets stuck on "Verifying signature". No error message, just sticks and doesn't move forward. I read some advice on an Ubuntu forum to refresh the gpg key. How does one do that correctly in Linux Mint?

Thank you.
Last edited by rdh61 on Wed Sep 04, 2019 1:04 pm, edited 1 time in total.
chiefjim
Level 5
Level 5
Posts: 929
Joined: Sun Jun 07, 2009 7:26 am
Location: South Texas, USA

Re: Tor-browser launcher problem - verifying signature fails

Post by chiefjim »

+1
rdh61
Level 3
Level 3
Posts: 130
Joined: Sun Apr 26, 2009 1:06 pm

Re: Tor-browser launcher problem - verifying signature fails

Post by rdh61 »

Nobody know anything about this?
User avatar
phd21
Level 19
Level 19
Posts: 9753
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Tor-browser launcher problem - verifying signature fails

Post by phd21 »

Hi rdh61,

I usually just download their Tor Linux archive file which can update itself and use that rather than installing from the Software Manager or Synaptic Package Manager (SPM). My Tor browser is working fine.

Tor Project | Download
* for Linux users click the Linux Penguin or the link below for other languages and then on the right side click the Linux 64bit or 32-bit version you want. After saving their Linux archive file, bring up your file manager and right-click the downloaded file and extract here, move the new folder to your Home folder or leave it, then copy the "start-tor-browser.desktop" file into your Home folder desktop folder and a new icon should be on your desktop to start the Tor browser; you can also double-click the "start-tor-browser" in their "/tor-browser_en-US/Browser/" folder.
https://www.torproject.org/download/

Easily Install Tor Browser in Ubuntu and other Linux
https://itsfoss.com/install-tar-browser-linux/
.
.
from the article link above wrote:Fixing SIGNATURE VERIFICATION FAILED error
When the download finally finishes, you may see this “SIGNATURE VERIFICATION FAILED”. The error code is GENERIC_VERIFY_FAIL.

Tor browser installation error: SIGNATURE VERIFICATION FAILED
To fix this, you need to refresh the outdated GPG key bundled in the Tor launcher with a new one from Ubuntu’s keyserver. You can use the command below to do that.

Run this command from a console terminal. You can copy and paste it.

Code: Select all

gpg --homedir "$HOME/.local/share/torbrowser/gnupg_homedir" --refresh-keys --keyserver keyserver.ubuntu.com
or use another key server

Code: Select all

gpg --homedir "$HOME/.local/share/torbrowser/gnupg_homedir" --refresh-keys --keyserver pool.sks-keyservers.net
Normally, it should show that the key has been refreshed:
gpg --homedir "$HOME/.local/share/torbrowser/gnupg_homedir" --refresh-keys --keyserver keyserver.ubuntu.com

gpg: refreshing 1 key from hkp://keyserver.ubuntu.com
gpg: key 4E2C6E8793298290: 70 duplicate signatures removed
gpg: key 4E2C6E8793298290: 216 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 2 signatures reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) torbrowser@torproject.org" 283 new signatures
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) torbrowser@torproject.org" 1 new subkey
gpg: Total number processed: 1
gpg: new subkeys: 1
gpg: new signatures: 283
gpg: no ultimately trusted keys found

Now you need to click on Tor browser again to restart the download and installation. It should be quicker than before.
Tor Project: Verifying Signatures
https://2019.www.torproject.org/docs/ve ... es.html.en

Import the Tor gpg key from a console terminal command

Code: Select all

gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290
$ gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290

gpg: key 4E2C6E8793298290: 72 duplicate signatures removed
gpg: key 4E2C6E8793298290: 121243 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 2 signatures reordered
gpg: error writing keyring '/home/user69/.gnupg/pubring.kbx': Provided object is too large
gpg: key 4E2C6E8793298290: public key "[User ID not found]" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: not imported: 1



So far today (07/22/2019), I am having issues receiving gpg keys for Tor from either key server. The command above worked after I hit enter onetime.
pool.sks-keyservers.net
or
keyserver.ubuntu.com


Hope this helps ...
Phd21: Mint 20 and 19.2 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
rdh61
Level 3
Level 3
Posts: 130
Joined: Sun Apr 26, 2009 1:06 pm

Re: Tor-browser launcher problem - verifying signature fails

Post by rdh61 »

Thanks for your reply. Hmm... The itsfoss website you point to recommends downloading Tor from the universe repository but the Tor webpage recommends definitely not doing this!: https://2019.www.torproject.org/docs/debian.html.en

I'll get back to this using their recommended method at a later time. More pressing concerns now.
pecazp
Level 1
Level 1
Posts: 6
Joined: Tue Nov 04, 2014 9:42 am

Re: Tor-browser launcher problem - verifying signature fails

Post by pecazp »

Hello,

I have the same problem. When i launch Tor Browser it takes about 10+ minutes to even popup that little downloading window and then verifying takes another 5min, and then it ends with same GENERIC_VERIFY_FAIL message.

I have tried all of the above posted verification methods and links, and it still downloads it first and ends with a same message.

I have recently installed and regularly updated linux Mint 19.1.

Also, running gpg --homedir "$HOME/.local/share/torbrowser/gnupg_homedir" --refresh-keys --keyserver pool.sks-keyservers.net took another 7 minutes to produce this result:

gpg: refreshing 1 key from hkp://pool.sks-keyservers.net
gpg: key 4E2C6E8793298290: 72 duplicate signatures removed
gpg: key 4E2C6E8793298290: 121254 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 2 signatures reordered
gpg: error writing keyring '/home/pedja/.local/share/torbrowser/gnupg_homedir/pubring.kbx': Provided object is too large
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" 121323 new signatures
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" 1 new subkey
gpg: Total number processed: 1
gpg: new subkeys: 1
gpg: new signatures: 121323
gpg: not imported: 1

I will be thankful if anyone has idea what to do about that "Provided object is too large" error (which i suppose is the reason it's not working).

Pedja
ianspencer
Level 1
Level 1
Posts: 1
Joined: Sun Aug 25, 2019 11:25 am

Re: Tor-browser launcher problem - verifying signature fails

Post by ianspencer »

New to Linux and finding this very frustrating. I was on 19.1 and had problems. Wiped partition and reinstalled 19.2 fresh and same issue. Worked through troubleshooting without luck. Signature Verification failed.

Some say to download from Tor website directly but everything I read says says the best option is to install from package manager.

I'm a bit confused on the best secure approach. Clearly the version downloaded with the package manager is broken for at least a month and trying to verify the signature using other URLs from Terminal fails.

Can someone explain where to go with this and if downloading directly from the TOR site and installing is as secure and will be updated with the update manager? If so do I just uninstall from the package manager first?

I understand long term Linux users clearly are finding this an easy fix but I need a step by step process. Yes I have watched probably 40 hours of videos and read for days over a couple of months trying to understand migrating away from windows. Probably too many years of Microsoft DOS and Windows from version 3.0 and I am missing something simple.

Thanks
pecazp
Level 1
Level 1
Posts: 6
Joined: Tue Nov 04, 2014 9:42 am

Re: Tor-browser launcher problem - verifying signature fails

Post by pecazp »

Oh, yes, i have also tried installing it from software manager first...
User avatar
kyphi
Level 9
Level 9
Posts: 2703
Joined: Sat Jul 09, 2011 1:14 am
Location: The Hunter Valley, Australia

Re: Tor-browser launcher problem - verifying signature fails

Post by kyphi »

Tor recommends that the user downloads from the Tor website. As is good practice, after downloading verify authenticity and origin (same as you do after a Linux Mint download). That gets you Tor version 8.5.4. The Software Manager offers Tor version 0.3.2.10-1.

After downloading, verifying and unzipping, you will have a folder named tor-browser_en-US. Open that folder to find a folder called "Browser" and a Tor icon.
A double click on the Tor icon will start the shell script to the browser.

Opening the Browser folder will show further triggers to open the Tor-browser such as "firefox" and "start-tor-browser".

If you wish to add an entry for Tor to your main menu, follow the usual procedure - icons of various sizes will be in Browser/browser/chrome/icons/default.

Please note that you will experience time lags when using Tor-browser - the price you pay for security.
Linux Mint 20.0 Cinnamon - 64bit
rdh61
Level 3
Level 3
Posts: 130
Joined: Sun Apr 26, 2009 1:06 pm

Re: Tor-browser launcher problem - verifying signature fails

Post by rdh61 »

@kyphi

Thank you!
Post Reply

Return to “Software & Applications”