Update our OpenPGP keys in 2021
What we’re supposed to do each year:
- Bump the master key’s expiration date by 1 year.
- Generate a new signing subkey for each RM, and move it onto new smartcards (the old ones are still needed to keep the previous subkey during the transition period).
- If needed, generate and split a revocation certificate for our signing key. See internal.git for details.
- Update the public key in
wiki/src/tails-signing.key
. - Update references to the public key at least in
wiki/src/doc/about/openpgp_keys.mdwn
. - Create an issue about updating our OpenPGP keys next year.
To be done at the summit during northern hemisphere Spring.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information