Hi
I have a Dell Inspiron 5767 laptop, running Ubuntu 20.04.1 LTS.
I would like to try the Tor Browser.
But no matter how i Try to install it (Software center, snap, Terminal commands, PPA 's etc), it is getting stuck in verifying signature after the download wizard has run.
Anyone know the solution to this problem?
Best regards
Viking Penguin
Hi
I can add, that I just tried to start the Tor browser in the Terminal by entering:
torbrowser-launcher
I gives the following output:
Tor Browser-opstarter
Af Micah Lee, licenseret under MIT
version 0.3.2
Downloader Tor Browser for første gang.
Downloader over Tor
Downloader https://aus1.torproject.org/torbrowser/update_3/release/Linux_x86_64-gcc3/x/en-US
Seneste version: 9.5.4
Downloader https://www.eprci.com/tor/dist/torbrowser/9.5.4/tor-browser-linux64-9.5.4_en-US.tar.xz.asc
Downloader https://www.eprci.com/tor/dist/torbrowser/9.5.4/tor-browser-linux64-9.5.4_en-US.tar.xz
Verificerer signatur
Refreshing local keyringâŚ
Traceback (most recent call last):
File â/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.pyâ, line 589, in verify
c.verify(signature=sig, signed_data=signed)
File â/usr/lib/python3/dist-packages/gpg/core.pyâ, line 541, in verify
raise errors.BadSignatures(results[1], results=results)
gpg.errors.BadSignatures: 110775B5D101FB36BC6C911BEB774491D9FF06E2: Nøgle udløbet
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File â/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.pyâ, line 600, in run
verify()
File â/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.pyâ, line 594, in verify
raise Exception
Exception
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File â/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.pyâ, line 603, in run
self.common.refresh_keyring()
File â/usr/lib/python3/dist-packages/torbrowser_launcher/common.pyâ, line 196, in refresh_keyring
p = subprocess.Popen([â/usr/bin/gpg2â, ââstatus-fdâ, â2â,
File â/usr/lib/python3.8/subprocess.pyâ, line 854, in init
self._execute_child(args, executable, preexec_fn, close_fds,
File â/usr/lib/python3.8/subprocess.pyâ, line 1702, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] Ingen sĂĽdan fil eller filkatalog: â/usr/bin/gpg2â
What I take away is the message saying âNøgle udløbetâ which is in English that the âkey has expiredâ
But what does that means?
sudo apt install gnupg2
Edit: Whatever is happening is looking for /usr/bin/gpg2 which has been replaced since 18.04 with /usr/bin/gpg but the symlinks apparently donât exist unless you installed the gnupg2 transition package. I guess you could put them there yourself too.
Edit2: Iâve had a chance to try this in a fresh Ubuntu 20.04.1 VM. My first solution solves the stuck problem. However it looks like the Tor browser tarball canât be verified, which is troubling. I have downloaded the tarball and .asc from the actual website and not the torbrowser-launcher and am still unable to verify the tarball. I will continue to give this a shot.
Edit3: I was able to verify the tarball by following the instructions on the Tor project documentation. I was then able to launch the browser as described in the docs. I have no idea why torbrowser-launcher is failing. My guess is at some point the Tor project gpg key isnât being imported because that is the only thing I did differently by hand.
Hi
Thank you for the reply.
I tried to install the gnupg2, and it got me a little down the road.
I looks like Tor is starting now, but then goes to this warning
Yeah thatâs where I was during my second edit. I still canât get any of the automated launchers to work.
From their GitHub:
âYou can install torbrowser-launcher from your operating systemâs package manager, but it might be out-of-date and have issues working. If you want to make sure you always have the latest version, use one of the methods below to install:â
For Ubuntu they recommend:
sudo apt purge torbrowser-launcher # I added this to remove the existing installation
sudo add-apt-repository ppa:micahflee/ppa
sudo apt update
sudo apt install torbrowser-launcher
Or Flatpak:
flatpak install flathub com.github.micahflee.torbrowser-launcher -y
flatpak run com.github.micahflee.torbrowser-launcher # Or use GUI
That PPA is out of date though.
What do you mean by out of date? Iâm not a regular PPA user. I seem to be getting the latest version of torbrowser-launcher and Tor when I use it and itâs the one on their GitHub if that means anything.
The PPA does not contain a version for 20.04. Itâs pulling it in from the Ubuntu repositories.
As I said in my third edit, I am able to verify, install, and run the browser when following their instructions on the tor browser website.
There must be a bug in the app preventing it from properly importing the tor project GPG key. Someone should probably file a bug report.
WOOF. I did some digging in the github. This verification problem seems to have been an ongoing issue** for over a year. This may be one of those times where a bug report wonât do it.
** or at least a constant similar issue plaguing the project.
You know what my biggest problem is? I just donât know when to quit.
The gpg key id used for the Tor Browser is 0x4E2C6E8793298290
http://keys.gnupg.net/pks/lookup?search=0x4E2C6E8793298290&fingerprint=on&op=index
The gnupg home relevant to the installation isnât the default: ~/.gnupg/, itâs: ~/.local/share/torbrowser/gnupg_homedir/
Itâs created with appropriate permissions when torbrowser-launcher launches for the first time.
The default key server is keys.openpgp.org as seen when running:
gpg -v --homedir ~/.local/share/torbrowser/gnupg_homedir --recv-keys 0x4E2C6E8793298290
âŚand confirming the response from keys.openpgp.org:
gpg -v --homedir ~/.local/share/torbrowser/gnupg_homedir --keyserver keys.openpgp.org --recv-keys 0x4E2C6E8793298290
It gives the error: ânew key but contains no user ID - skippedâ and doesnât install the key.
Whatâs interesting is when torbrowser-launcher reaches the end of itâs installation itâll install a key so iâm not sure where itâs getting it from or if itâs forcing the inadequate key thatâs coming from keys.openpgp.org.
The solution is to use a key from a different key server. Having tried:
keyserver.ubuntu.compgp.mit.edukeys.gnupg.netThese all work with browser-launcher and Tor starts without a hitch.
Side note: With a functional key thereâs no error for missing gnupg2.
Install and launch torbrowser-launcher:
sudo add-apt-repository ppa:micahflee/ppa # Gives same version as Ubuntu 20 repo
sudo apt update
sudo apt install torbrowser-launcher
torbrowser-launcher
Upon launch the required folder structure and permissions will be created.
Itâll begin to downloading Tor, during the download open another Terminal and install the correct gpg key:
gpg --homedir ~/.local/share/torbrowser/gnupg_homedir --keyserver keyserver.ubuntu.com --recv-keys 0x4E2C6E8793298290
Itâll take a few minutes for this to complete. Once the Tor download is complete browser-launcher will run Tor correctly.
If you didnât install the gpg key in time skip to âFixing a non-working installationâ
Delete the offending key:
gpg --homedir ~/.local/share/torbrowser/gnupg_homedir --delete-keys torbrowser@torproject.org
Install the correct key:
gpg --homedir ~/.local/share/torbrowser/gnupg_homedir --keyserver keyserver.ubuntu.com --recv-keys 0x4E2C6E8793298290
Run torbrowser-launcher
torbrowser-launcher
The Tor browser teamâs key was poisoned last year, so there might be a hiccup there.
Important edits: I pulled it from the github and modified the source code torbrowser_launcher/common.py at line 206
from '--keyserver', 'hkps://keys.openpgp.org',
to '--keyserver', 'hkps://keyserver.ubuntu.com',
built the .deb, installed the .deb, launched it and everything installed just fine. So I think @Ulfnic has figured it out.
Great job team.
Fingers crossed 
I editted you and the fix into the comment, WE NAILED IT!! 
It worked for me as well 
Thank you so much for your time and good help.