| blob | 872341db9367138753a78d3cc3857e0348dc878c |
1 [[!meta date="Mon, 16 Mar 2015 12:34:56 +0000"]]
2 [[!pagetemplate template="news.tmpl"]]
3 [[!meta title="Transition to a new OpenPGP signing key"]]
4 [[!tag announce]]
6 Tails is transitioning to a new OpenPGP signing key.
8 The signing key is the key that we use to:
10 - Sign our official ISO images.
11 - Certify the other [[OpenPGP keys|doc/about/openpgp_keys]] used by the project.
13 <div class="note">
15 <p>The previous signing key is safe and, to the best of our knowledge, it
16 has not been compromised.</p>
18 <p>We are doing this change to improve our security practices when
19 manipulating such a critical piece of data.</p>
21 </div>
23 <div class="tip">
25 <ul>
26 <li>The old key can still be used to verify Tails 1.3 ISO images.</li>
27 <li>The new key will be used to sign ISO images starting from Tails 1.3.1.</li>
28 </ul>
30 </div>
32 [[!toc]]
34 Import and verify the new signing key
35 =====================================
37 Click on the following button to download and import the new signing
38 key:
40 <a class="download-key" href="https://tails.boum.org/tails-signing.key">new Tails signing key</a>
42 The new signing key is itself signed by the old signing key. So you can
43 transitively trust this new key if you had trusted the old signing key.
45 To verify that the new key is correctly signed by the old key, you can
46 execute the following command:
48 gpg --check-sigs A490D0F4D311A4153E2BB7CADBB802B258ACD84F
50 The output should include a signature of the new key by the old key such
51 as:
53 sig! 0x1202821CBE2CD9C1 2015-01-19 Tails developers (signing key) <tails@boum.org>
55 In this output, the status of the verification is indicated by a flag
56 directly following the "`sig`" tag. A "`!`" indicates that the signature
57 has been successfully verified.
59 Security policy for the new signing key
60 =======================================
62 Here is the full description of the new signing key:
64 <pre>
65 pub 4096R/0xDBB802B258ACD84F 2015-01-18 [expires: 2017-01-11]
66 Key fingerprint = A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F
67 uid [ unknown] Tails developers (offline long-term identity key) <tails@boum.org>
68 uid [ unknown] Tails developers <tails@boum.org>
69 sub 4096R/0x98FEC6BC752A3DB6 2015-01-18 [expires: 2017-01-11]
70 sub 4096R/0x3C83DCB52F699C56 2015-01-18 [expires: 2017-01-11]
71 </pre>
73 You can see that it has:
75 - A primary key (marked as `pub`) with ID `0xDBB802B258ACD84F`. This primary key:
77 - Is not owned in a usable format by any single individual. It is
78 split cryptographically using
79 [gfshare](http://www.digital-scurf.org/software/libgfshare).
80 - Is only used offline, in an air-gapped Tails.
81 - Expires in less than one year. We will extend its validity as many
82 times as we find reasonable.
84 - Two subkeys (marked as `sub`) with IDs `0x98FEC6BC752A3DB6` and
85 `0x3C83DCB52F699C56` which are stored on OpenPGP smartcards and owned
86 by our release managers. Smartcards ensure that the cryptographic
87 operations are done on the smartcard itself and that the secret
88 cryptographic material is not directly available to the operating
89 system using it.
91 Web-of-Trust with the Debian keyring
92 ====================================
94 This new signing key has already been signed by various Debian
95 developers, namely:
97 - gregor herrmann <gregoa@debian.org>, with key `0xBB3A68018649AA06`
98 - Holger Levsen <holger@debian.org>, with key `0x091AB856069AAA1C`
99 - Stefano Zacchiroli <zack@debian.org>, with key `0x9C31503C6D866396`
101 So you can use the technique described in our documentation to further
102 [[verify the Tails signing key against the Debian
103 keyring|install/expert/usb#verify-key]] using any of those
104 three keys.