Hi, Random User: > As the copied output below shows, Tails 2.5 is signed with an RSA key > that is different from the one that was used for /at least/ the previous > three versions of Tails. What accounts for this change? > > gpg: Signature made Sun 31 Jul 2016 02:21:52 PM EDT > gpg: using RSA key 0x3C83DCB52F699C56 > gpg: Good signature from "Tails developers (offline long-term identity > key) <[email protected]>" > gpg: aka "Tails developers <[email protected]>" > > Primary key fingerprint: A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC > D84F > Subkey fingerprint: A509 1F72 C746 BA6B 163D 1C18 3C83 DCB5 2F69 9C56 > > The key used previously: > 0x98FEC6BC752A3DB6 > Fingerprint: > BA2C 222F 44AC 00ED 9899 3893 98FE C6BC 752A 3DB6
The Tails signing key consists of two subkeys. Both are valid. The change depends on who of the two Release Managers works and signs the ISO. For the last three ISOs, anonym was the RM. And for 2.5 it was intrigeri. This is public information, sent everytime to tails-dev, before a release. Here are the fingerprints I have: pub 4096R/0xDBB802B258ACD84F 2015-01-18 [expires: 2017-01-11] Fingerprint = A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F uid [ undef.] Tails developers (offline long-term identity key) <[email protected]> uid [ unbek.] Tails developers <[email protected]> sub 4096R/0x98FEC6BC752A3DB6 2015-01-18 [expires: 2017-01-11] Fingerprint = BA2C 222F 44AC 00ED 9899 3893 98FE C6BC 752A 3DB6 sub 4096R/0x3C83DCB52F699C56 2015-01-18 [expires: 2017-01-11] Fingerprint = A509 1F72 C746 BA6B 163D 1C18 3C83 DCB5 2F69 9C56 Cheers! u.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tails-support mailing list [email protected] https://mailman.boum.org/listinfo/tails-support To unsubscribe from this list, send an empty email to [email protected].
