Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Where can I download PGP key 0x50FA58BC used to sign "thunderbird-38.4.0.en-US.mac.checksums"?

  • 1 baphendule
  • 1 inale nkinga
  • 1 view
  • Igcine ukuphendulwa ngu christ1

more options

The key 0x50FA58BC used to verify the checksum file "thunderbird-38.4.0.en-US.mac.checksums" downloaded from https://ftp.mozilla.org/pub/thunderbird/nightly/latest-comm-esr38/ is not available from the Mozilla or MIT PGP key servers; neither Google nor several other search engines locate it, though this is the ID of the public key used to sign this general release file.

Here is the full output from my tests:

tests-...$ openssl dgst -sha512 thunderbird-38.4.0.en-US.mac.dmg SHA512(thunderbird-38.4.0.en-US.mac.dmg)= ec11b2428fad89db096a2efc326a27e8ca2b4bbb7cf5530ed191e6451fbad772137b744eaeb878b3e6761b8e321191a9fd00e89fc1875855dd5bbbf5d4cc86ac tests-...$ gpg --verify thunderbird-38.4.0.en-US.mac.checksums.asc thunderbird-38.4.0.en-US.mac.checksums gpg: Signature made Tue Dec 15 06:53:37 2015 CST using DSA key ID 50FA58BC gpg: Can't check signature: No public key tests-...$

The key 0x50FA58BC used to verify the checksum file "thunderbird-38.4.0.en-US.mac.checksums" downloaded from https://ftp.mozilla.org/pub/thunderbird/nightly/latest-comm-esr38/ is not available from the Mozilla or MIT PGP key servers; neither Google nor several other search engines locate it, though this is the ID of the public key used to sign this general release file. Here is the full output from my tests: tests-...$ openssl dgst -sha512 thunderbird-38.4.0.en-US.mac.dmg SHA512(thunderbird-38.4.0.en-US.mac.dmg)= ec11b2428fad89db096a2efc326a27e8ca2b4bbb7cf5530ed191e6451fbad772137b744eaeb878b3e6761b8e321191a9fd00e89fc1875855dd5bbbf5d4cc86ac tests-...$ gpg --verify thunderbird-38.4.0.en-US.mac.checksums.asc thunderbird-38.4.0.en-US.mac.checksums gpg: Signature made Tue Dec 15 06:53:37 2015 CST using DSA key ID 50FA58BC gpg: Can't check signature: No public key tests-...$

All Replies (1)

more options

There is a KEY file available at https://ftp.mozilla.org/pub/thunderbird/releases/38.0.1/ This key is: Primary User ID Mozilla Software Releases <releases@mozilla.org> Key ID 0x3A06537A Signing subkey 0x15A0A4BC

Checksums are available at https://ftp.mozilla.org/pub/thunderbird/releases/38.4.0/

When trying to verify the sig file SHA512SUMS.asc it fails, because it has been signed with a different key.

> gpg --verify SHA512SUMS.asc SHA512SUMS gpg: Signature made Fri 20 Nov 2015 07:47:50 PM CET using RSA key ID 5E9905DB gpg: Can't check signature: No public key

I have no idea where to get key 0x5E9905DB from.

Update: The key is available at https://gpg.mozilla.org/pks/lookup?search=0x5E9905DB&op=get

Okulungisiwe ngu christ1