summaryrefslogtreecommitdiffstats
path: root/wiki/src/doc/about/openpgp_keys.mdwn
blob: 4657a158d9b0a9f0a6d6134f40108b29d14db23a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
[[!meta title="OpenPGP keys"]]

Tails developers maintain several OpenPGP key pairs.

[[!toc levels=2]]

Mailing-list key
================

Purpose
-------

### Encryption

This key has an encryption subkey. Please use it to encrypt email sent
to the core developers encrypted mailing-list: <tails@boum.org>.

### Signature

This key also has the capability to sign and certify. Until Tails
0.5 and 0.6~rc3, released images were signed by this key. This purpose
is now deprecated: further releases will be signed by a dedicated,
safer signing key. As of 2010 October 7th, our mailing-list key
signature only means our mailing-list software checked the signed
content was originally OpenPGP-signed by a Tails core developer.

Policy
------

The secret key material and its passphrase are stored on the server
that runs our encrypted mailing-list software and on systems managed
by core Tails developers.

This means people other than Tails developers are in a position to
use this secret key. Tails developers trust these people enough to
rely on them for running our encrypted mailing-list, but still: this
key pair is managed in a less safe way than our signing key.

Key details
-----------

    pub   4096R/0x1D2975EDF93E735F 2009-08-14 [expires: 2015-01-03]
          Key fingerprint = 09F6 BC8F EEC9 D8EE 005D  BAA4 1D29 75ED F93E 735F
    uid                  Amnesia <amnesia@boum.org>
    uid                  Tails developers (Schleuder mailing-list) <tails@boum.org>
    uid                  T(A)ILS developers (Schleuder mailing-list) <amnesia@boum.org>
    uid                  Tails list (schleuder list) <tails-request@boum.org>
    uid                  Tails list (schleuder list) <tails-owner@boum.org>
    sub   4096R/0xD843C2F5E89382EB 2009-08-14 [expires: 2015-01-03]

How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

- download it from this website: [[!tails_website tails-email.key]]
- fetch it from your favourite keyserver
- send an email to <tails-sendkey@boum.org>.

Signing key
===========

Purpose
-------

This key only has the capability to sign and certify: it has no
encryption subkey.

Its only purpose is:

- to sign Tails released images (starting with 0.6)
- to certify other cryptographic public keys needed for Tails
  development.

Policy
------

The secret key material will never be stored on an online server or on
systems managed by anyone else than Tails core developers.

Key details
-----------

    pub   4096R/0x1202821CBE2CD9C1 2010-10-07 [expires: 2015-04-30]
          Key fingerprint = 0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1
    uid                  Tails developers (signing key) <tails@boum.org>
    uid                  T(A)ILS developers (signing key) <amnesia@boum.org>

How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

  - download it from this website: [[!tails_website tails-signing.key]]
  - fetch it from your favourite keyserver.

If you already have Tails signing key but download it again, it can update the
list of existing signatures of the key.