thgtoa/KEY_ROTATION.md
2022-11-13 03:34:50 -05:00

32 lines
1.1 KiB
Markdown

PGP/GPG key ID `7DFFD7471FB76E2A8ABBBCDDD769B3749E933B8A` is no longer active
PGP/GPG key ID `42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920` is no longer active
This project now uses separate master, release signing, and email keys.
Current master key fingerprint: `9EA98278639F1CD853E096CBFF94507587A6A9B9`
Current release key fingerprint: `83A6CF9EF57AC25B5C7F5D29285E6048A12321B2`
Current email key fingerprint: `B6D1757632A280F99F2DCBFDB9AB9D93AFF05B9C`
The email and release keys should be signed by the master key.
The master key takes precedence over all other project keys.
------------------------------------------------------------------------------------
Minisign key
```
untrusted comment: minisign public key 902835EC74825934
RWQ0WYJ07DUokK8V/6LNJ9bf/O/QM9k4FSlDmzgEeXm7lEpw3ecYjXDM
```
is no longer active
Use
```
untrusted comment: minisign public key FE6A09A3AF18F7A7
RWSn9xivowlq/ihAzclDBxhCxbYz4bLkC8E645lHgSUlQNlDvoTxO5Fv
```
instead
Files signed using this key pair can be verified with the following command:
```
minisign -Vm <file> -P RWSn9xivowlq/ihAzclDBxhCxbYz4bLkC8E645lHgSUlQNlDvoTxO5Fv
```