GnuPG_key.mdwn 2.6 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
T(A)ILS developers maintain several OpenPGP key pairs.

[[!toc levels=2]]

Mailing-list key
================

Purpose
-------

### Encryption

This key has an encryption subkey. Please use it to encrypt email sent
to the core developers encrypted mailing-list: <amnesia@boum.org>.

### Signature

This key also has the capability to sign and certify. Until T(A)ILS
0.5 and 0.6~rc3, released images were signed by this key. This purpose
is now deprecated: further releases will be signed by a dedicated,
safer signing key. As of 2010 October 7th, our mailing-list key
signature only means our mailing-list software checked the signed
content was originally OpenPGP-signed by a T(A)ILS core developer.

Policy
------

The secret key material and its passphrase are stored on the server
that runs our encrypted mailing-list software and on systems managed
by core T(A)ILS developers.

This means people other than T(A)ILS developers are in a position to
use this secret key. T(A)ILS developers trust these people enough to
rely on them for running our encrypted mailing-list, but still: this
key pair is managed in a less safe way than our signing key.

Key details
-----------

40
41
42
	pub   4096R/F93E735F 2009-08-14 [expires: 2014-08-13]
	      Key fingerprint = 09F6 BC8F EEC9 D8EE 005D  BAA4 1D29 75ED F93E 735F
	uid                  Amnesia <amnesia@boum.org>
43
	uid                  T(A)ILS developers (Schleuder mailing-list) <amnesia@boum.org>
44
45
	sub   4096R/E89382EB 2009-08-14 [expires: 2014-08-13]

46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

- [download it from this website](https://amnesia.boum.org/amnesia.asc)
- fetch it from your favourite keyserver
- send an email to <amnesia-sendkey@boum.org>.

Signing key
===========

Purpose
-------

This key only has the capability to sign and certify: it has no
encryption subkey.

Its only purpose is:

- to sign T(A)ILS released images (starting with 0.6)
- to certify other cryptographic public keys needed for T(A)ILS
  development.

Policy
------

The secret key material will never be stored on an online server or on
systems managed by anyone else than T(A)ILS core developers.

Key details
-----------

	pub   4096R/BE2CD9C1 2010-10-07 [expires: 2012-10-06]
	      Key fingerprint = 0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1
	uid                  T(A)ILS developers (signing key) <amnesia@boum.org>


How to get the public key?
--------------------------
86

87
There are multiple ways to get this OpenPGP public key:
88

89
90
- [download it from this website](https://amnesia.boum.org/amnesia.asc)
- fetch it from your favourite keyserver.