We finally have a new signing key for our official Android releases. We had to make a new one because the current one is using 1024-bit RSA, like the large majority of Android signing keys. RSA 1024-bit is considered deprecated, so we are now signing all new apps with our new 4096-bit signing key.

I'd appreciate it if people can check these public files to double-check I didn't do anything stupid. There are so many annoying technical details in this process, yet another pair of eyes could never hurt. Here are the files and GPG signatures:

https://guardianproject.info/releases/guardianproject-rsa4096-signing-certificate.pem
https://guardianproject.info/releases/guardianproject-rsa4096-signing-certificate.pem.sig
https://guardianproject.info/releases/guardianproject-rsa4096-signing-publickey.pem
https://guardianproject.info/releases/guardianproject-rsa4096-signing-publickey.pem.sig

In related news, we have been working with TAILS as the distro for the offline key generation and management process. We call this project "Clean Room". The good news is that the next release of TAILS (the one based on Debian/wheezy) should be usable for Cleanroom, the bad news is that the current version of TAILS is based on Debian/squeeze, which is too old to do everything that is required.

For more info: https://dev.guardianproject.info/projects/psst/wiki/CleanRoom

.hc

--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
_______________________________________________
Guardian-dev mailing list
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
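
One way to cross-check the certificate and public-key files listed in the message above: confirm that both carry the same RSA key and that its modulus is 4096 bits rather than 1024. This is an added example, not part of the original message and not Guardian Project code; the function names are hypothetical, and it assumes the public-key file is a `BEGIN PUBLIC KEY` (SubjectPublicKeyInfo) PEM. It complements, and does not replace, verifying the `.sig` files with GPG.

```python
import base64, re, sys

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def pem_to_der(pem):
    """Strip the PEM armour and base64-decode the body."""
    body = re.search(r"-----BEGIN [^-]+-----(.+?)-----END", pem, re.S).group(1)
    return base64.b64decode("".join(body.split()))

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf."""
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: the next n bytes hold the length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        yield tag, buf[pos:pos + length]
        pos += length

def rsa_numbers(spki):
    """(modulus, exponent) from the contents of a SubjectPublicKeyInfo."""
    (_, alg), (_, bits) = tlvs(spki)
    if next(tlvs(alg))[1] != RSA_OID:
        raise ValueError("not an RSA key")
    (_, key), = tlvs(bits[1:])  # skip the BIT STRING unused-bits octet
    (_, n), (_, e) = tlvs(key)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def key_from_pubkey_pem(pem):
    """Key from a 'BEGIN PUBLIC KEY' file (assumed SubjectPublicKeyInfo)."""
    return rsa_numbers(next(tlvs(pem_to_der(pem)))[1])

def key_from_cert_pem(pem):
    """Key from an X.509 certificate's tbsCertificate."""
    tbs = next(tlvs(next(tlvs(pem_to_der(pem)))[1]))[1]
    fields = [v for t, v in tlvs(tbs) if t != 0xA0]  # drop optional [0] version
    return rsa_numbers(fields[5])  # serial, sigAlg, issuer, validity, subject, SPKI

def check(cert_pem, pub_pem, min_bits=4096):
    """Report key size and whether both files carry the same RSA key."""
    cert_key, pub_key = key_from_cert_pem(cert_pem), key_from_pubkey_pem(pub_pem)
    bits = cert_key[0].bit_length()
    return {"bits": bits, "strong": bits >= min_bits, "same_key": cert_key == pub_key}

if __name__ == "__main__":  # usage: check.py certificate.pem publickey.pem
    cert, pub = (open(p).read() for p in sys.argv[1:3])
    print(check(cert, pub))
```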
