Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Many signatures created/visible in KGpg after installing torbrowser-launcher

  1. #1
    heyjoe NNTP User

    Question Many signatures created/visible in KGpg after installing torbrowser-launcher

    Some time ago I filed this bug report:

    https://bugzilla.opensuse.org/show_bug.cgi?id=1079251

    Since then I haven't looked at KGpg. Normally in it there was only one key.
    But the other day when I looked I saw a key named "Tor Browser Developers" and under it lost of items with Name="[No user id found]" (perhaps 50 or more). There is only one item with Name="Tor Browser Developers".

    I am still learning about crypto keys and all that stuff is not quite clear to me. Yet it looks like a mess.

    Is that related to the bug? (i.e. is it a result of it?)
    And is it safe/recommended to delete all that mess? (or if not - how do I clean it up)

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,667
    Blog Entries
    3

    Default Re: Many signatures created/visible in KGpg after installing torbrowser-launcher

    Quote Originally Posted by heyjoe View Post
    Since then I haven't looked at KGpg. Normally in it there was only one key.
    I just looked here. I see 220 keys.

    It is easy to have a lot of keys.

    Some of the keys do not have an email address. I think they all have a name field, but that's probably not required. It would not surprise me if the Tor folk use keys with no user and no email address.

    I don't use tor here, so I don't have experience with it. From your description, it seems that maybe torbrowser comes with a bunch of keys, and you imported those to your keyring.

    There's probably no reason for concern. It should be safe to delete keys that you are not using. Just be careful to not delete your own key.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  3. #3
    heyjoe NNTP User

    Default Re: Many signatures created/visible in KGpg after installing torbrowser-launcher

    Quote Originally Posted by nrickert View Post
    I just looked here. I see 220 keys.

    It is easy to have a lot of keys.
    But why does one need those?

    There's probably no reason for concern. It should be safe to delete keys that you are not using. Just be careful to not delete your own key.
    The concern is because it seems to have happened after having torbrowser-launcher installed. Previously if I downloaded the tor browser from the official site and simply unpacked and ran it - no keys were created at all.

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,667
    Blog Entries
    3

    Default Re: Many signatures created/visible in KGpg after installing torbrowser-launcher

    Quote Originally Posted by heyjoe View Post
    But why does one need those?
    It all has to do with the web of trust.

    I download a key for some good purpose. But how do I know it isn't forged. So I check some of the signatures on that key. And, to check signatures, I have to download the signing key.

    Sometimes it takes multiple iterations of this to be confidant of a key.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  5. #5
    heyjoe NNTP User

    Default Re: Many signatures created/visible in KGpg after installing torbrowser-launcher

    Then why doesn't the Tor Browser downloaded from https://www.torproject.org/ create all those keys? Is it less trustworthy?

  6. #6
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,667
    Blog Entries
    3

    Default Re: Many signatures created/visible in KGpg after installing torbrowser-launcher

    I do not have any experience with tor. Sorry.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  7. #7
    heyjoe NNTP User

    Default Re: Many signatures created/visible in KGpg after installing torbrowser-launcher

    Quote Originally Posted by nrickert View Post
    I do not have any experience with tor. Sorry.
    Well, the question is not really about tor but about the particular package in openSUSE named torbrowser-launcher due to which all this happens. Hence the whole confusion.

  8. #8
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,667
    Blog Entries
    3

    Default Re: Many signatures created/visible in KGpg after installing torbrowser-launcher

    The "torbrowser-launcher" package description does say that it does signature verification for you. So I assume that it install gpg signatures that are needed for that verification.

    It's is probably nothing to be concerned about.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  9. #9
    heyjoe NNTP User

    Default Re: Many signatures created/visible in KGpg after installing torbrowser-launcher

    My concern is about the mess of data it adds and whether it is a result of the related bug which I mentioned. IOW: what may be the consequences if I remove all those many keys? Would it recreate them automatically on next run, would I damage something tremendously, would I have to reinstall the program or anything else? Or where/who should I ask?

  10. #10
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,667
    Blog Entries
    3

    Default Re: Many signatures created/visible in KGpg after installing torbrowser-launcher

    Quote Originally Posted by heyjoe View Post
    My concern is about the mess of data it adds and whether it is a result of the related bug which I mentioned.
    When I look at that bug report, it indicates that it is a duplicate.

    When I look at the bug it duplicates, it looks to me as if launching the tor browser does install keys in your gpg keyring, but apparently some of the keys are out of date. And it gives a command to refresh those from an online keyserver.

    I'm thinking that you don't really have a "mess of data". Rather, you have a bunch of keys that the tor browser depends on. There probably isn't anything that need fixing, beyond that refreshing of keys.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •