Tor browser signature verification failed

I tried to install the Tor Browser from the official repo.
When trying to launch it says: “Download Tor Browser for the first time”
After a little waiting a error message pops up:

Error Code: […]: Key expired
You might be under attack, there might be a network problem or you may be missing a recently added Tor browser Verification key.

Online I found this fix (that didnt work for me: gpg: keyserver refresh failed: No keyserver available):
gpg --homedir "$HOME/.local/share/torbrowser/gnupg_homedir/" --refresh-keys --keyserver

How can I fix that?

Please do what torpoject suggests on their page, download it from them, extract it where you want and launch it.

It will update itself each time there is a new version.


Just a heads up, torbrowser-launcher 0.3.2-4 resolved the issue.

1 Like

I just tried the version 0.3.2-4 version. I get a pop up message during the installation process “the version of Tor browser you have installed is earlier than it should be, which could be a sign of an attack!” I clicked okay, and the installer kept spinning and nothing happened.

I tired the Flatpak version and that works just fine.

1 Like

I get the same as @fhins 0.3.2-4 doesn’t work and produces the error dialog box mentioned.

I’ve been working fine (don’t run it daily but use it a couple times a week, when I launched it yesterday (October 1st, 2020) it “updated” itself and started producing that error message. I had last run it about a week prior to that and it was working fine.

EDIT- Update
After updating my system (I usually wait a couple days after release) torbrowser is now at 0.3.2-6 and seems to be working fine again. I also just realized this thread was over a month old and should probably be close with @Yochanan post set as the resolution so that in the future while related doesn’t appear to be a current issue. At this time 0.3.2-6 seems to be working correctly and as intended.

Then if the package isn’t going to work or be maintained any longer it should be removed from the repo.

There are two things i can’t do in this case:

  • stop someone to create/maintain/remove a package for/from community
  • make someone else to follow or not an official notice from Tor developers.