ReleaseKey » History » Version 17
Denis 'GNUtoo' Carikli, 02/23/2020 12:41 PM
remove expiration date for wolfgang's key as he already updated the key once
1 | 16 | dl lud | h1. Release keys |
---|---|---|---|
2 | 1 | Paul Kocialkowski | |
3 | 14 | Wolfgang Wiedmeyer | h2. Which key for which Replicant version? |
4 | |||
5 | 17 | Denis 'GNUtoo' Carikli | h3. Replicant 6.0z |
6 | 14 | Wolfgang Wiedmeyer | |
7 | Key ID: 5816A24C10757FC4 |
||
8 | |||
9 | 17 | Denis 'GNUtoo' Carikli | These images are signed with [[People#Wolfgang-Wiedmeyer|Wolfgang Wiedmeyer]]'s key and has the following fingerprint: |
10 | 1 | Paul Kocialkowski | <pre> |
11 | 14 | Wolfgang Wiedmeyer | 0F30 D1A0 2F73 F70A 6FEE 048E 5816 A24C 1075 7FC4 |
12 | </pre> |
||
13 | |||
14 | h3. Replicant 4.2 and below |
||
15 | |||
16 | Key ID: 16D1FEEE4A80EB23 |
||
17 | |||
18 | These images are signed with the Replicant release key which expires 2024-01-17 and has the following fingerprint: |
||
19 | <pre> |
||
20 | 1 | Paul Kocialkowski | E776 092B 052A DC91 FDD1 FD80 16D1 FEEE 4A80 EB23 |
21 | </pre> |
||
22 | |||
23 | 13 | Wolfgang Wiedmeyer | h2. Retrieving the Replicant release key |
24 | 1 | Paul Kocialkowski | |
25 | 14 | Wolfgang Wiedmeyer | In the following, @KEY_ID@ needs to be replaced with the right key ID from above. |
26 | |||
27 | 5 | Paul Kocialkowski | h3. From a key server (recommended) |
28 | 12 | Wolfgang Wiedmeyer | |
29 | 9 | Loic Dachary | You can retrieve our signing key from a public key server and import it to your GPG keyring using: |
30 | 1 | Paul Kocialkowski | |
31 | 10 | Wolfgang Wiedmeyer | <pre> |
32 | 14 | Wolfgang Wiedmeyer | gpg --recv-key KEY_ID |
33 | 13 | Wolfgang Wiedmeyer | </pre> |
34 | 1 | Paul Kocialkowski | |
35 | Errors may occur if GPG is not properly configured. Following a guide like "this":https://riseup.net/en/security/message-security/openpgp/best-practices should ensure that the key is retrieved securely. |
||
36 | |||
37 | 8 | Paul Kocialkowski | h3. From our releases |
38 | 1 | Paul Kocialkowski | |
39 | A copy of our signing key is shipped with every Replicant release, distributed with [[ReplicantImages|Replicant images]]. |
||
40 | Once downloaded, the key can be imported to your GPG keyring using: |
||
41 | 6 | Paul Kocialkowski | <pre> |
42 | 14 | Wolfgang Wiedmeyer | gpg --armor --import path/to/KEY.asc |
43 | 1 | Paul Kocialkowski | </pre> |
44 | |||
45 | h2. Establishing a chain of trust |
||
46 | |||
47 | 11 | Wolfgang Wiedmeyer | In order to establish a chain of trust, you are encouraged to retrieve our release key physically when meeting a trusted [[People|Replicant developer]] and sign it with your own key. |
48 | 1 | Paul Kocialkowski | |
49 | 11 | Wolfgang Wiedmeyer | You can see the signatures the release key is already signed with running: |
50 | |||
51 | <pre> |
||
52 | 14 | Wolfgang Wiedmeyer | gpg --list-sigs KEY_ID |
53 | 11 | Wolfgang Wiedmeyer | </pre> |
54 | |||
55 | If a key you already trust is among these signatures, a chain of trust is established between your key and the release key. However, this chain of trust is not as strong as the direct one you establish when you personally verify and sign the release key. |