Hey, I tried downloading Tor on my other computer but when I tried to verify the signature, I got this message. What does this mean? : Tor | Torhoo darknet markets
So I am trying to download Tor on another computer of mine. After I typed in
"gpg --verify --keyring .\tor.keyring Downloads\tor-browser-windows-x86_64-portable-13.0.15.exe.asc Downloads\tor-browser-windows-x86_64-portable-13.0.15.exe"
What I received was this
"gpg: Signature made 05/13/24 10:11:53 Central Daylight Time
gpg: using RSA key 613188FC5BE2176E3ED54901E53D989A9E2D47BF
gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 6131 88FC 5BE2 176E 3ED5 4901 E53D 989A 9E2D 47BF"
what does it mean by "There is no indication that the signature belongs to the owner." and can someone explain to me what it means by that?
this means that you did not add Tor developers' PGP key to your ring of trusted keys. it's not a problem. what matter is this message:
"gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>" [unknown]"
This one shows that the file is properly signed by Tor Browser developers.