From 12ac68ecd8510a65040556766728ef085eeefae4 Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Tue, 6 Oct 2020 15:58:22 -0700 Subject: [PATCH] Download key using web key directory from torproject.org instead of keyservers --- torbrowser_launcher/common.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/torbrowser_launcher/common.py b/torbrowser_launcher/common.py index 25bb984..adb9426 100644 --- a/torbrowser_launcher/common.py +++ b/torbrowser_launcher/common.py @@ -193,10 +193,11 @@ class Common(object): else: print('Refreshing local keyring...') + # Fetch key from wkd, as per https://support.torproject.org/tbb/how-to-verify-signature/ p = subprocess.Popen(['/usr/bin/gpg2', '--status-fd', '2', '--homedir', self.paths['gnupg_homedir'], - '--keyserver', 'hkps://keys.openpgp.org', - '--refresh-keys'], stderr=subprocess.PIPE) + '--auto-key-locate', 'nodefault,wkd', + '--locate-keys', 'torbrowser@torproject.org'], stderr=subprocess.PIPE) p.wait() for output in p.stderr.readlines():