Tails is transitioning to a new OpenPGP signing key.

The signing key is the key that we use to:

  • Sign our official ISO images.
  • Certify the other OpenPGP keys used by the project.

The previous signing key is safe and, to the best of our knowledge, it has not been compromised.

We are doing this change to improve our security practices when manipulating such a critical piece of data.

  • The old key can still be used to verify Tails 1.3 ISO images.
  • The new key will be used to sign ISO images starting from Tails 1.3.1.

Import and verify the new signing key

Click on the following button to download and import the new signing key:

new Tails signing key

The new signing key is itself signed by the old signing key. So you can transitively trust this new key if you had trusted the old signing key.

To verify that the new key is correctly signed by the old key, you can execute the following command:

gpg --check-sigs A490D0F4D311A4153E2BB7CADBB802B258ACD84F

The output should include a signature of the new key by the old key such as:

sig!         0x1202821CBE2CD9C1 2015-01-19  Tails developers (signing key) <tails@boum.org>

In this output, the status of the verification is indicated by a flag directly following the "sig" tag. A "!" indicates that the signature has been successfully verified.

Security policy for the new signing key

Here is the full description of the new signing key:

    pub   4096R/0xDBB802B258ACD84F 2015-01-18 [expires: 2017-01-11]
          Key fingerprint = A490 D0F4 D311 A415 3E2B  B7CA DBB8 02B2 58AC D84F
    uid                 [ unknown] Tails developers (offline long-term identity key) 
    uid                 [ unknown] Tails developers 
    sub   4096R/0x98FEC6BC752A3DB6 2015-01-18 [expires: 2017-01-11]
    sub   4096R/0x3C83DCB52F699C56 2015-01-18 [expires: 2017-01-11]

You can see that it has:

  • A primary key (marked as pub) with ID 0xDBB802B258ACD84F. This primary key:

    • Is not owned in a usable format by any single individual. It is split cryptographically using gfshare.
    • Is only used offline, in an air-gapped Tails.
    • Expires in less than one year. We will extend its validity as many times as we find reasonable.
  • Two subkeys (marked as sub) with IDs 0x98FEC6BC752A3DB6 and 0x3C83DCB52F699C56 which are stored on OpenPGP smartcards and owned by our release managers. Smartcards ensure that the cryptographic operations are done on the smartcard itself and that the secret cryptographic material is not directly available to the operating system using it.

Web-of-Trust with the Debian keyring

This new signing key has already been signed by various Debian developers, namely:

So you can use the technique described in our documentation to further verify the Tails signing key against the Debian keyring using any of those three keys.