Skip to content

Expired subkey warning on Tor Browser GPG verification

gpg verification on tor-browser warns about expired subkey:

gpg --verify tor-browser-linux64-12.5.4_ALL.tar.xz.asc
gpg: assuming signed data in 'tor-browser-linux64-12.5.4_ALL.tar.xz'
gpg: Signature made mer 13 set 2023, 20:27:50 CEST
gpg:                using RSA key 613188FC5BE2176E3ED54901E53D989A9E2D47BF
gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>" [unknown]
gpg: Note: This key has expired!
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
     Subkey fingerprint: 6131 88FC 5BE2 176E 3ED5  4901 E53D 989A 9E2D 47BF
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information