Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

how can I validate Firefox authentication

more options

I have not been able to successfully authenticate the validity of Firefox 39 on a Mac. Using GPG tools service to validate it gives an error Failed:153. If I perform a command line "gpg --verify SHA512SUMS.asc gpg: assuming signed data in 'SHA512SUMS' gpg: Signature made Wed 1 Jul 03:23:48 2015 EDT using RSA key ID 15A0A4BC gpg: Good signature from "Mozilla Software Releases <releases@mozilla.org>" [unknown] gpg: Note: This key has expired! Primary key fingerprint: 2B90 598A 745E 992F 315E 22C5 8AB1 3296 3A06 537A

    Subkey fingerprint: 5445 390E F5D0 C2EC FB8A  6201 057C C3EB 15A0 A4BC

Which is not valid since the public key has expired. Where can i get a valid public key? Has anyone performed the validation of Firefox successfully? If so how?

I have not been able to successfully authenticate the validity of Firefox 39 on a Mac. Using GPG tools service to validate it gives an error Failed:153. If I perform a command line "gpg --verify SHA512SUMS.asc gpg: assuming signed data in 'SHA512SUMS' gpg: Signature made Wed 1 Jul 03:23:48 2015 EDT using RSA key ID 15A0A4BC gpg: Good signature from "Mozilla Software Releases <releases@mozilla.org>" [unknown] gpg: Note: This key has expired! Primary key fingerprint: 2B90 598A 745E 992F 315E 22C5 8AB1 3296 3A06 537A Subkey fingerprint: 5445 390E F5D0 C2EC FB8A 6201 057C C3EB 15A0 A4BC Which is not valid since the public key has expired. Where can i get a valid public key? Has anyone performed the validation of Firefox successfully? If so how?

Saafara biñ tànn

Ben Hearsum is a Mozilla employee and the blog link posted by cor-el was in the bug report I linked.

Jàng tontu lii ci fi mu bokk 👍 0

All Replies (8)

more options

Good point. I do get the same result. The subkey used to sign the *SUMS file has expired on 07/16/15, and I guess nobody at Mozilla has noticed that (yet). The best would probably be to raise a new bug for this in Bugzilla. https://bugzilla.mozilla.org

christ1 moo ko soppali ci

more options

Oh they know.

For reading as the general issue tracker Bugzilla is not a discussion forum like here.

Bug 1139929 - renew gpg signing key

more options

Is the new public key available ? Where can I get it

more options
more options
more options

The current Public key listed from the download firefox versions "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/39.0/"

as well as the others is still incorrect. You don't expect people to download a public key from a Blog?

more options

Saafara yiñ Tànn

Ben Hearsum is a Mozilla employee and the blog link posted by cor-el was in the bug report I linked.

more options

All previous versions of firefox 39 will not be able to authenticate until the key is updated.