summaryrefslogtreecommitdiffstats
path: root/wiki/src/doc/about/openpgp_keys.mdwn
blob: 65f48f9e19870558a156420fb6763959c0f0b9fa (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
[[!meta title="OpenPGP keys"]]

Tails developers maintain several OpenPGP key pairs.

[[!toc levels=2]]

<a id="private"></a>

Private mailing-list key
========================

Purpose
-------

### Encryption

This key has an encryption subkey. Please use it to encrypt email sent
to the core developers encrypted mailing-list: <tails@boum.org>.

### Signature

This key also has the capability to sign and certify. Until Tails
0.5 and 0.6~rc3, released images were signed by this key. This purpose
is now deprecated: further releases will be signed by a dedicated,
safer signing key. As of 2010 October 7th, our mailing-list key
signature only means our mailing-list software checked the signed
content was originally OpenPGP-signed by a Tails core developer.

Policy
------

The secret key material and its passphrase are stored on the server
that runs our encrypted mailing-list software and on systems managed
by core Tails developers.

This means people other than Tails developers are in a position to
use this secret key. Tails developers trust these people enough to
rely on them for running our encrypted mailing-list, but still: this
key pair is managed in a less safe way than our signing key.

Key details
-----------

    pub   4096R/0x1D2975EDF93E735F 2009-08-14 [expires: 2015-01-03]
          Key fingerprint = 09F6 BC8F EEC9 D8EE 005D  BAA4 1D29 75ED F93E 735F
    uid                  Tails developers (Schleuder mailing-list) <tails@boum.org>
    uid                  Tails list (schleuder list) <tails-request@boum.org>
    uid                  Tails list (schleuder list) <tails-owner@boum.org>
    sub   4096R/0xD843C2F5E89382EB 2009-08-14 [expires: 2015-01-03]

How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

- download it from this website: [[!tails_website tails-email.key]]
- fetch it from your favourite keyserver
- send an email to <tails-sendkey@boum.org>.

<a id="signing"></a>

Signing key
===========

Purpose
-------

This key only has the capability to sign and certify: it has no
encryption subkey.

Its only purpose is:

- to sign Tails released images (starting with 0.6)
- to certify other cryptographic public keys needed for Tails
  development.

Policy
------

The secret key material will never be stored on an online server or on
systems managed by anyone else than Tails core developers.

Key details
-----------

    pub   4096R/0x1202821CBE2CD9C1 2010-10-07 [expires: 2015-04-30]
          Key fingerprint = 0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1
    uid                  Tails developers (signing key) <tails@boum.org>

How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

  - download it from this website: [[!tails_website tails-signing.key]]
  - fetch it from your favourite keyserver.

If you already have Tails signing key but download it again, it can update the
list of existing signatures of the key.

<a id="support"></a>

User support key
================

Purpose
-------

### Encryption

  - Use this key to encrypt private support requests sent to <tails-support-private@boum.org>.
  - This same key is used to handle [[*WhisperBack* reports|first_steps/bug_reporting]].

Policy
------

The secret key material and its passphrase are stored on the server
that runs our encrypted mailing-list software and on systems managed
by core Tails developers.

[[!tails_website tails-bugs.key desc="Download the key"]]

Key details
-----------

    pub   4096R/EC57B56EF0C43132 2013-07-24 [expires: 2018-07-23]
          Key fingerprint = 1F56 EDD3 0741 0480 35DA  C1C5 EC57 B56E F0C4 3132
    uid                          Tails bug squad <tails-bugs@boum.org>
    uid                          Tails bug squad (schleuder list) <tails-bugs-owner@boum.org>
    uid                          Tails bug squad (schleuder list) <tails-bugs-request@boum.org>
    uid                          Tails private user support <tails-support-private@boum.org>
    sub   4096R/9D6D6472AFC1AD77 2013-07-24 [expires: 2018-07-23]