Signature doesn't match

The version 12.0.4 doesn’t match with its asc signature.
First, tested from cmd “certutil -hashfile… MD5”, then with the 7zip. Non matched.
Downloaded directly from Tor Project | Download
What the problem is, idk.

Which OS do you download the Tor Browser for, Windows?

What are exact names of files that you tested?
And where did you found that you need to check MD5 hash?

See this page for instructions on how to check the signature.

The following files were tested -

  1. torbrowser-install-win64-12.0.4_ALL.exe (91.4 mb)
  2. torbrowser-install-win64-12.0.4_ALL.exe.asc (801 bytes)
    MD5 instruction -
    How to Check an MD5 Checksum on desktop/laptop (PC/MAC) (

Windows 10 22H2

This is not a MD5 checksum file. It contains a GnuPG signature as described on the page I’ve linked to in my previous post.


This file should be checked with GPG4win (gpg4win-4.1.0.exe for example).
Instructions are linked by @lutzh in message #4.

I tested how it works by myself:
GPG throws garbage, hangs (not surprising for something GNU), but at the end shows that signature is valid:


Following the instructions, instelling GnuPG, fetching the dev key, verifying signeture resulted ‘No such file or directory’, but public key Workeround worked and I think it’s valid.
Here’s the cmd result:

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

hi @Ranaa , Maybe some of this is happening:

you hace to specify the gpg command for the current versión:

gpgv --keyring .\tor.keyring Downloads\torbrowser-install-win64-12.0.4_ALL.exe.asc Downloads\torbrowser-install-win64-12.0.4_ALL.exe

or maybe you are not running the commands from where you downloaded the files or pointing to them.


I hope it’s useful