Firefox sign

Felix's Avatar

Felix

07 Jan, 2020 09:07 PM

Hello, dear gentlemen!
I want to use GPG keychain to verify the Firefox 71.0 version.
But...

I downloaded my "Firefox 71.0.dmg" file and must place some KEYS from this source to the same directory
https://releases.mozilla.org/pub/firefox/releases/71.0/

I tried different ones, but I didn't succeed.
Please, help!

  1. Support Staff 1 Posted by Steve on 12 Jan, 2020 06:15 PM

    Steve's Avatar

    Hi Felix,

    welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.

    Let's use Firefox 72.0.1 as that includes important security fixes:
    https://releases.mozilla.org/pub/firefox/releases/72.0.1/

    https://gpgtools.tenderapp.com/kb/how-to/how-to-verify-the-download...

    In the Firefox example visit https://releases.mozilla.org/pub/firefox/releases/72.0.1/KEY then copy past everything after

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    

    into GPG keychain. That will import the mozilla key.

    Then download both
    File SHA256SUMS 490K 08-Jan-2020 10:30
    File SHA256SUMS.asc 833 08-Jan-2020 10:30

    It seems mozilla does not sign the dmg itself so you will have to check the dmg sha265 sum. Our KB article also covers that. Mozilla then signes the checksum files so you can trust those files.

    Best,
    Steve

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac