mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-12-27 08:19:24 -05:00
Use long form PGP key IDs and reference-style links
This commit is contained in:
parent
83bd0ec13c
commit
0ae2e72217
@ -61,20 +61,16 @@ Importing Qubes Signing Keys
|
|||||||
|
|
||||||
Every file published by the Qubes Project (ISO, RPM, TGZ files and git
|
Every file published by the Qubes Project (ISO, RPM, TGZ files and git
|
||||||
repositories) is digitally signed by one of the developer or release signing
|
repositories) is digitally signed by one of the developer or release signing
|
||||||
keys. Each such key is signed by the Qubes Master Signing Key
|
keys. Each such key is signed by the [Qubes Master Signing Key]
|
||||||
([`0x36879494`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)).
|
(`0xDDFA1A3E36879494`).
|
||||||
|
|
||||||
The public portion of the Qubes Master Signing Key can be imported directly
|
The public portion of the Qubes Master Signing Key can be imported directly
|
||||||
from a [
|
from a [keyserver] (specified on first use with `--keyserver <URI>`, keyserver
|
||||||
keyserver](https://en.wikipedia.org/wiki/Key_server_%28cryptographic%29#Keyserver_examples)
|
saved in `~/.gnupg/gpg.conf`), e.g.,
|
||||||
(specified on first use with --keyserver URI, keyserver saved in
|
|
||||||
`~/.gnupg/gpg.conf`), e.g.,
|
|
||||||
|
|
||||||
gpg --keyserver pool.sks-keyservers.net --recv-keys 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494
|
gpg --keyserver pool.sks-keyservers.net --recv-keys 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494
|
||||||
|
|
||||||
or downloaded
|
or downloaded [here][Qubes Master Signing Key] and imported with gpg,
|
||||||
[here](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc) and
|
|
||||||
imported with gpg,
|
|
||||||
|
|
||||||
$ gpg --import ./qubes-master-signing-key.asc
|
$ gpg --import ./qubes-master-signing-key.asc
|
||||||
|
|
||||||
@ -83,24 +79,17 @@ or fetched directly with gpg.
|
|||||||
$ gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc
|
$ gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc
|
||||||
|
|
||||||
For additional security we also publish the fingerprint of the Qubes Master
|
For additional security we also publish the fingerprint of the Qubes Master
|
||||||
Signing Key
|
Signing Key here in this document:
|
||||||
([`0x36879494`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc))
|
|
||||||
here in this document:
|
|
||||||
|
|
||||||
pub 4096R/36879494 2010-04-01
|
pub 4096R/36879494 2010-04-01
|
||||||
Key fingerprint = 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494
|
Key fingerprint = 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494
|
||||||
uid Qubes Master Signing Key
|
uid Qubes Master Signing Key
|
||||||
|
|
||||||
There should also be a copy of this key at the project's main website, in the
|
There should also be a copy of this key at the project's main website, in the
|
||||||
[Qubes Security Pack](/doc/security-pack/), and in the archives of the
|
[Qubes Security Pack], and in the archives of the project's [developer] and
|
||||||
project's
|
[user] [mailing lists].
|
||||||
[developer](https://groups.google.com/forum/#!msg/qubes-devel/RqR9WPxICwg/kaQwknZPDHkJ)
|
|
||||||
and
|
|
||||||
[user](https://groups.google.com/d/msg/qubes-users/CLnB5uFu_YQ/ZjObBpz0S9UJ)
|
|
||||||
mailing lists.
|
|
||||||
|
|
||||||
Once you have obtained the Qubes Master Signing Key
|
Once you have obtained the Qubes Master Signing Key,
|
||||||
([`0x36879494`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)),
|
|
||||||
you should verify the fingerprint of this key very carefully by obtaining
|
you should verify the fingerprint of this key very carefully by obtaining
|
||||||
copies of the fingerprint from trustworthy independent sources and comparing
|
copies of the fingerprint from trustworthy independent sources and comparing
|
||||||
them to the downloaded key's fingerprint to ensure they match. Then set its
|
them to the downloaded key's fingerprint to ensure they match. Then set its
|
||||||
@ -151,9 +140,8 @@ verify all the keys signed by the Qubes Master Signing Key:
|
|||||||
Now you can easily download any of the developer or release signing keys that
|
Now you can easily download any of the developer or release signing keys that
|
||||||
happen to be used to sign particular ISO, RPM, TGZ files or git tags.
|
happen to be used to sign particular ISO, RPM, TGZ files or git tags.
|
||||||
|
|
||||||
For example: Qubes OS Release 3 Signing Key
|
For example, the Qubes OS [Release 3 Signing Key] (`0xCB11CA1D03FA5082`) is
|
||||||
([`0x03FA5082`](https://keys.qubes-os.org/keys/qubes-release-3-signing-key.asc))
|
used for all Release 3 ISO images:
|
||||||
is used for all Release 3 ISO images.
|
|
||||||
|
|
||||||
$ gpg --recv-keys 0xC52261BE0A823221D94CA1D1CB11CA1D03FA5082
|
$ gpg --recv-keys 0xC52261BE0A823221D94CA1D1CB11CA1D03FA5082
|
||||||
gpg: requesting key 03FA5082 from hkp server keys.gnupg.net
|
gpg: requesting key 03FA5082 from hkp server keys.gnupg.net
|
||||||
@ -166,16 +154,12 @@ is used for all Release 3 ISO images.
|
|||||||
|
|
||||||
You can also download all the currently used developers' signing keys and
|
You can also download all the currently used developers' signing keys and
|
||||||
current and older release signing keys (and also a copy of the Qubes Master
|
current and older release signing keys (and also a copy of the Qubes Master
|
||||||
Signing Key) from the [keys directory on our
|
Signing Key) from the [Qubes OS Keyserver] and from the [Qubes Security Pack].
|
||||||
server](https://keys.qubes-os.org/keys/) and from the [Qubes Security
|
|
||||||
Pack](/doc/security-pack/).
|
|
||||||
|
|
||||||
The developer signing keys are set to be valid for 1 year only, while the Qubes
|
The developer signing keys are set to be valid for 1 year only, while the Qubes
|
||||||
Master Signing Key
|
Master Signing Key has no expiration date. This latter key was generated and is
|
||||||
([`0x36879494`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc))
|
kept only within a dedicated, air-gapped "vault" machine, and the private
|
||||||
has no expiration date. This latter key was generated and is kept only within a
|
portion will (hopefully) never leave this isolated machine.
|
||||||
dedicated, air-gapped "vault" machine, and the private portion will (hopefully)
|
|
||||||
never leave this isolated machine.
|
|
||||||
|
|
||||||
You can now verify the ISO image (`Qubes-R3.1-x86_64.iso`) matches its
|
You can now verify the ISO image (`Qubes-R3.1-x86_64.iso`) matches its
|
||||||
signature (`Qubes-R3.1-x86_64.iso.asc`):
|
signature (`Qubes-R3.1-x86_64.iso.asc`):
|
||||||
@ -187,10 +171,8 @@ signature (`Qubes-R3.1-x86_64.iso.asc`):
|
|||||||
gpg: Good signature from "Qubes OS Release 3 Signing Key"
|
gpg: Good signature from "Qubes OS Release 3 Signing Key"
|
||||||
gpg: binary signature, digest algorithm SHA256
|
gpg: binary signature, digest algorithm SHA256
|
||||||
|
|
||||||
The Release 3 Signing Key
|
The Release 3 Signing Key used to sign this ISO image should be signed by the
|
||||||
([`0x03FA5082`](https://keys.qubes-os.org/keys/qubes-release-3-signing-key.asc))
|
Qubes Master Signing Key:
|
||||||
used to sign this ISO image should be signed by the Qubes Master Signing Key
|
|
||||||
([`0x36879494`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)):
|
|
||||||
|
|
||||||
$ gpg --list-sig 03FA5082
|
$ gpg --list-sig 03FA5082
|
||||||
pub 4096R/03FA5082 2014-11-19
|
pub 4096R/03FA5082 2014-11-19
|
||||||
@ -308,3 +290,14 @@ trusted!
|
|||||||
To verify a signature on a git tag, you can use:
|
To verify a signature on a git tag, you can use:
|
||||||
|
|
||||||
$ git tag -v <tag name>
|
$ git tag -v <tag name>
|
||||||
|
|
||||||
|
|
||||||
|
[Qubes Master Signing Key]: https://keys.qubes-os.org/keys/qubes-master-signing-key.asc
|
||||||
|
[keyserver]: https://en.wikipedia.org/wiki/Key_server_%28cryptographic%29#Keyserver_examples
|
||||||
|
[Qubes Security Pack]: /doc/security-pack/
|
||||||
|
[developer]: https://groups.google.com/forum/#!msg/qubes-devel/RqR9WPxICwg/kaQwknZPDHkJ
|
||||||
|
[user]: https://groups.google.com/d/msg/qubes-users/CLnB5uFu_YQ/ZjObBpz0S9UJ
|
||||||
|
[mailing lists]: /mailing-lists/
|
||||||
|
[Release 3 Signing Key]: https://keys.qubes-os.org/keys/qubes-release-3-signing-key.asc
|
||||||
|
[Qubes OS Keyserver]: https://keys.qubes-os.org/keys/
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user