openpgp_keys.mdwn 11.5 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
[[!meta title="OpenPGP keys"]]

Tails developers maintain several OpenPGP key pairs.

<div class="caution">

<p>Make sure to verify the keys that you download, because there are
several fake and maybe malicious Tails keys on the key servers.</p>

<p>For example, if you first [[authenticate the Tails signing key
through the OpenPGP Web of Trust|install/download#wot]], then
you can verify our others keys as they are all certified by the Tails
signing key.</p>

</div>

[[!toc levels=1]]

<a id="private"></a>

Private mailing list key
========================

Purpose
-------

### Encryption

This key has an encryption subkey. Please use it to encrypt email sent
to the core developers encrypted mailing list: [[tails@boum.org|about/contact#tails]].

Policy
------

The secret key material and its passphrase are stored on the server
that runs our encrypted mailing list software and on systems managed
by core Tails developers.

This means people other than Tails developers are in a position to
use this secret key. Tails developers trust these people enough to
rely on them for running our encrypted mailing list, but still: this
key pair is managed in a less safe way than our signing key.

Key details
-----------

    pub   4096R/0x1D2975EDF93E735F 2009-08-14 [expires: 2019-08-01]
          Key fingerprint = 09F6 BC8F EEC9 D8EE 005D  BAA4 1D29 75ED F93E 735F
    uid                  Tails developers (Schleuder mailing-list) <tails@boum.org>
    uid                  Tails list (schleuder list) <tails-request@boum.org>
    uid                  Tails list (schleuder list) <tails-owner@boum.org>
    sub   4096R/0xD843C2F5E89382EB 2009-08-14 [expires: 2019-08-01]

How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

- download it from this website: [[!tails_website tails-email.key]]
- fetch it from your favourite keyserver
- send an email to <tails-sendkey@boum.org>.

<a id="signing"></a>

Signing key
===========

Purpose
-------

This key only has the capability to sign and certify: it has no
encryption subkey.

Its only purpose is:

- to sign Tails released images;
- to certify other cryptographic public keys needed for Tails
  development.

Policy
------

The secret key material will never be stored on an online server or on
systems managed by anyone other than Tails core developers.

### Primary key

* Is not owned in a usable format by any single individual. It is
  split cryptographically using
  [gfshare](http://www.digital-scurf.org/software/libgfshare).
* Is only used offline, in an air-gapped Tails only communicating with
  the outside world through:
  - Plugging the Tails flash media in another operating system to install Tails
    in the first place.
  - Plugging other removable media in the air-gapped Tails to send the
    public key, secret key stubs, parts of the secret master key, and so on
    to the outside world.
  - Plugging other removable media in the air-gapped Tails to receive Debian
    packages, public keys, and so on from the outside world.
* Expires in less than one year. We will extend its validity as many
  times as we find reasonable.
* Has a revocation certificate split amongst different people.
  See the [[details of the mechanism|signing_key_revocation]].

### Signing subkeys

* Stored on OpenPGP smartcards owned by those who need them.
  Smartcards ensure that the cryptographic operations are done on the
  smartcard itself and that the secret cryptographic material is not
  directly available to the operating system using it.
* Expiration date: same as the primary key.

Key details
-----------

116
    pub   rsa4096/0xDBB802B258ACD84F 2015-01-18 [C] [expires: 2020-10-07]
117
118
119
          Key fingerprint = A490 D0F4 D311 A415 3E2B  B7CA DBB8 02B2 58AC D84F
    uid                   [  full  ] Tails developers (offline long-term identity key) <tails@boum.org>
    uid                   [  full  ] Tails developers <tails@boum.org>
120
121
122
123
    sub   rsa4096/0xD21DAD38AF281C0B 2017-08-28 [S] [expires: 2020-10-07]
    sub   rsa4096/0x3020A7A9C2B72733 2017-08-28 [S] [expires: 2020-10-07]
    sub   ed25519/0x90B2B4BD7AED235F 2017-08-28 [S] [expires: 2020-10-07]
    sub   rsa4096/0xA8B0F4E45B1B50E2 2018-08-30 [S] [expires: 2020-10-07]
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

  - download it from this website: [[!tails_website tails-signing.key]]
  - fetch it from your favourite keyserver.

If you already have Tails signing key but download it again, it can update the
list of existing signatures of the key.

<a id="support"></a>

User support key
================

Purpose
-------

### Encryption

  - Use this key to encrypt private support requests sent to
    [[tails-support-private@boum.org|about/contact#tails-support-private]].
  - This same key is used to handle [[*WhisperBack* reports|first_steps/bug_reporting]].

Policy
------

The secret key material and its passphrase are stored on the server
that runs our encrypted mailing list software and on systems managed
by core Tails developers.

Key details
-----------

sajolida's avatar
sajolida committed
160
    pub   rsa4096/0xEC57B56EF0C43132 2013-07-24 [SC] [expires: 2020-04-14]
161
          Key fingerprint = 1F56 EDD3 0741 0480 35DA  C1C5 EC57 B56E F0C4 3132
sajolida's avatar
sajolida committed
162
163
164
165
166
    uid                   [  full  ] Tails bug squad <tails-bugs@boum.org>
    uid                   [  undef ] Tails bug squad (schleuder list) <tails-bugs-owner@boum.org>
    uid                   [  undef ] Tails bug squad (schleuder list) <tails-bugs-request@boum.org>
    uid                   [  full  ] Tails private user support <tails-support-private@boum.org>
    sub   rsa4096/0x9D6D6472AFC1AD77 2013-07-24 [E] [expires: 2020-04-14]
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190

How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

  - download it from this website: [[!tails_website tails-bugs.key]]
  - fetch it from your favourite keyserver.

<a id="press"></a>

Press team key
==============

Purpose
-------

### Encryption

  - Use this key to encrypt private emails sent to
    [[tails-press@boum.org|about/contact#tails-press]].

Key details
-----------
sajolida's avatar
sajolida committed
191
192
193
194
195
196
197

    pub   rsa4096/0x457080B5A072CBE3 2014-07-11 [SCEA]
          Key fingerprint = F3CD 9B7B 4BDF 9995 DA22  088E 4570 80B5 A072 CBE3
    uid                   [  undef ] Tails press team (schleuder list) <tails-press@boum.org>
    uid                   [  undef ] Tails press team (schleuder list) <tails-press-owner@boum.org>
    uid                   [  undef ] Tails press team (schleuder list) <tails-press-request@boum.org>
    sub   rsa4096/0x5748DE3BC338BFFC 2014-07-11 [SEA]
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222

How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

  - download it from this website: [[!tails_website tails-press.key]]
  - fetch it from your favourite keyserver.

<a id="accounting"></a>

Accounting team key
===================

Purpose
-------

### Encryption

  - Use this key to encrypt private emails sent to
    [[tails-accounting@boum.org|about/contact#tails-acccounting]].

Key details
-----------

sajolida's avatar
sajolida committed
223
224
225
226
227
228
    pub   rsa4096/0xC436090F4BB47C6F 2014-07-11 [SCEA]
          Key fingerprint = 256D EB90 7788 0CD6 8167  8528 C436 090F 4BB4 7C6F
    uid                   [  undef ] Tails accounting team (schleuder list) <tails-accounting@boum.org>
    uid                   [  undef ] Tails accounting team (schleuder list) <tails-accounting-owner@boum.org>
    uid                   [  undef ] Tails accounting team (schleuder list) <tails-accounting-request@boum.org>
    sub   rsa4096/0x289A5B45A9E89475 2014-07-11 [SEA]
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285

How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

  - download it from this website: [[!tails_website tails-accounting.key]]
  - fetch it from your favourite keyserver.


<a id="foundations"></a>

Foundations team key
==================

Purpose
-------

### Encryption

  - Use this key to encrypt private emails sent to
    [[tails-foundations@boum.org|about/contact#tails-foundations]].

Key details
-----------

    pub   rsa4096/0xA827FE0D677E522C 2019-02-24 [SC]
          Key fingerprint = EFC9 4A11 CBF6 F00F 509C  EB0C A827 FE0D 677E 522C
    uid                   [ unknown] tails-foundations@boum.org <tails-foundations@boum.org>
    uid                   [ unknown] tails-foundations@boum.org <tails-foundations-request@boum.org>
    uid                   [ unknown] tails-foundations@boum.org <tails-foundations-owner@boum.org>
    sub   rsa4096/0x244F9D7C6DF90D6D 2019-02-24 [E]

How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

  - download it from this website: [[!tails_website tails-foundations.key]]
  - fetch it from your favourite keyserver.

<a id="mirrors"></a>

Mirrors team key
===================

Purpose
-------

### Encryption

  - Use this key to encrypt private emails sent to
    [[tails-mirrors@boum.org|about/contact#tails-mirrors]].

Key details
-----------

sajolida's avatar
sajolida committed
286
287
288
289
290
291
    pub   rsa4096/0xD2EDA621B572DD73 2016-04-29 [SCEA]
          Key fingerprint = 0B08 8E31 D4F8 E59A 3D39  9137 D2ED A621 B572 DD73
    uid                   [ unknown] Tails mirror pool managers (schleuder list) <tails-mirrors@boum.org>
    uid                   [ unknown] Tails mirror pool managers (schleuder list) <tails-mirrors-request@boum.org>
    uid                   [ unknown] Tails mirror pool managers (schleuder list) <tails-mirrors-owner@boum.org>
    sub   rsa4096/0x3DCFC1EB1C62C73C 2016-04-29 [SEA]
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316

How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

  - download it from this website: [[!tails_website tails-mirrors.key]]
  - fetch it from your favourite keyserver.

<a id="sysadmins"></a>

Sysadmins team key
==================

Purpose
-------

### Encryption

  - Use this key to encrypt private emails sent to
    [[tails-sysadmins@boum.org|about/contact#tails-sysadmins]].

Key details
-----------

sajolida's avatar
sajolida committed
317
318
319
320
321
322
    pub   rsa4096/0x70F4F03116525F43 2012-08-23 [SC] [expires: 2020-02-17]
          Key fingerprint = D113 CB6D 5131 D34B A5F0  FE9E 70F4 F031 1652 5F43
    uid                   [ unknown] Tails system administrators <tails-sysadmins@boum.org>
    uid                   [ unknown] Tails system administrators (schleuder list) <tails-sysadmins-owner@boum.org>
    uid                   [ unknown] Tails system administrators (schleuder list) <tails-sysadmins-request@boum.org>
    sub   rsa4096/0x58BA940CCA0A30B4 2012-08-23 [E] [expires: 2020-02-17]
323
324
325
326
327
328
329
330

How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

  - download it from this website: [[!tails_website tails-sysadmins.key]]
  - fetch it from your favourite keyserver.
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361

<a id="translations"></a>

Translations team key
=====================

Purpose
-------

### Encryption

  - Use this key to encrypt private emails sent to
    [[tails-translations@boum.org|about/contact#tails-translations]].

Key details
-----------

    pub   rsa4096/0x8D9F6B0A628D9B11 2019-07-25 [SC]
          Key fingerprint = F63E 5590 7746 5C5A 1768  32CC 8D9F 6B0A 628D 9B11
    uid                   [ unknown] tails-translations@boum.org <tails-translations@boum.org>
    uid                   [ unknown] tails-translations@boum.org <tails-translations-request@boum.org>
    uid                   [ unknown] tails-translations@boum.org <tails-translations-owner@boum.org>
    sub   rsa4096/0x13C3AEF73EED3FB9 2019-07-25 [E]

How to get the public key?
--------------------------

There are multiple ways to get this OpenPGP public key:

  - download it from this website: [[!tails_website tails-translations.key]]
  - fetch it from your favourite keyserver.