ReleaseKey » History » Version 14

Wolfgang Wiedmeyer, 05/07/2017 09:53 PM
separate keys for Replicant 6.0 and previous versions

h1. Replicant release key

h2. Which key for which Replicant version?

h3. Replicant 6.0

Key ID: 5816A24C10757FC4

These images are signed with [[People#Wolfgang-Wiedmeyer|Wolfgang Wiedmeyer]]'s key, which expires 2019-02-19 and has the following fingerprint:
<pre>
0F30 D1A0 2F73 F70A 6FEE  048E 5816 A24C 1075 7FC4
</pre>

h3. Replicant 4.2 and below

Key ID: 16D1FEEE4A80EB23

These images are signed with the Replicant release key, which expires 2024-01-17 and has the following fingerprint:
<pre>
E776 092B 052A DC91 FDD1 FD80 16D1 FEEE 4A80 EB23
</pre>

h2. Retrieving the Replicant release key

In the following commands, @KEY_ID@ must be replaced with the appropriate key ID from above.

h3. From a key server (recommended)

You can retrieve our signing key from a public key server and import it into your GPG keyring using:

<pre>
gpg --recv-key KEY_ID
</pre>

Errors may occur if GPG is not properly configured. Following a guide like "this":https://riseup.net/en/security/message-security/openpgp/best-practices should ensure that the key is retrieved securely.

h3. From our releases

A copy of our signing key is shipped with every Replicant release, distributed with [[ReplicantImages|Replicant images]].

Once downloaded, the key can be imported into your GPG keyring using:
<pre>
gpg --armor --import path/to/KEY.asc
</pre>

h2. Establishing a chain of trust

In order to establish a chain of trust, you are encouraged to retrieve our release key physically when meeting a trusted [[People|Replicant developer]] and sign it with your own key.

You can list the signatures already made on the release key by running:

<pre>
gpg --list-sigs KEY_ID
</pre>

If a key you already trust is among these signatures, a chain of trust is established between your key and the release key. However, this chain of trust is not as strong as the direct one you establish when you personally verify and sign the release key.
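
A key fetched by its 64-bit key ID is only the right key if its full fingerprint matches the one published above. The following script is an added example, not part of the original page or the Replicant project: it compares the two using GPG's colon-delimited output. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Replicant wiki): compare the full fingerprint of
# an imported key with the one published above. Function names are hypothetical.

# Published fingerprints, copied from this page.
FPR_REPLICANT_6_0='0F30 D1A0 2F73 F70A 6FEE  048E 5816 A24C 1075 7FC4'
FPR_REPLICANT_4_2='E776 092B 052A DC91 FDD1 FD80 16D1 FEEE 4A80 EB23'

# Remove whitespace and upper-case, so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons` output on stdin and print one line per primary key:
# field 10 of the first "fpr" record following each "pub" record.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             want && $1 == "fpr" { print $10; want = 0 }'
}

# check_fpr EXPECTED: succeed only if stdin describes exactly one primary key
# and its fingerprint equals EXPECTED. Several matches for one key ID fail.
check_fpr() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    [ "$(normalize_fpr "$found")" = "$expected" ]
}

# verify_imported_key KEY_ID EXPECTED: run the check against the local keyring.
# Requires gpg and a key already imported by one of the methods above.
verify_imported_key() {
    gpg --batch --with-colons --fingerprint "$1" | check_fpr "$2"
}

# Constructed sample of colon-format output (most fields left empty; the subkey
# record is a placeholder) so the parsing can be exercised without a keyring.
SAMPLE_COLONS='pub:-:::5816A24C10757FC4:::::::
fpr:::::::::0F30D1A02F73F70A6FEE048E5816A24C10757FC4:
sub:-:::0000000000000000:::::::
fpr:::::::::0000000000000000000000000000000000000000:'
```

With the key imported, @verify_imported_key 5816A24C10757FC4 "$FPR_REPLICANT_6_0"@ returns success only when the keyring holds exactly one matching key with the published fingerprint.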