thgtoa/KEY_ROTATION.md at main

1.2 KiB

Raw Permalink Blame History

PGP/GPG key ID 7DFFD7471FB76E2A8ABBBCDDD769B3749E933B8A is no longer active
PGP/GPG key ID 42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920 is no longer active

This project now uses separate master, release signing, and email keys.

Current master key fingerprint: 9EA98278639F1CD853E096CBFF94507587A6A9B9
Current release key fingerprint: 83A6CF9EF57AC25B5C7F5D29285E6048A12321B2
Current email key fingerprint: B6D1757632A280F99F2DCBFDB9AB9D93AFF05B9C

The email and release keys should be signed by the master key.
The master key takes precedence over all other project keys.

Minisign key

untrusted comment: minisign public key 902835EC74825934  
RWQ0WYJ07DUokK8V/6LNJ9bf/O/QM9k4FSlDmzgEeXm7lEpw3ecYjXDM

is no longer active

Use

untrusted comment: minisign public key FE6A09A3AF18F7A7  
RWSn9xivowlq/ihAzclDBxhCxbYz4bLkC8E645lHgSUlQNlDvoTxO5Fv

instead

Files signed using this key pair can be verified with the following command:

minisign -Vm <file> -P RWSn9xivowlq/ihAzclDBxhCxbYz4bLkC8E645lHgSUlQNlDvoTxO5Fv

1.2 KiB Raw Permalink Blame History

The email and release keys should be signed by the master key. The master key takes precedence over all other project keys.

1.2 KiB

Raw Permalink Blame History

The email and release keys should be signed by the master key.
The master key takes precedence over all other project keys.