Project

General

Profile

Bug #17133

Update our OpenPGP keys in 2020

Added by intrigeri about 1 month ago. Updated about 1 month ago.

Status:
Confirmed
Priority:
High
Assignee:
Category:
-
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

What we're supposed to do each year:

  • Bump the master key's expiration date by 1 year.
  • Generate a new signing subkey for each RM, and move it onto new smartcards (the old ones are still needed to keep the previous subkey during the transition period).
  • If needed, generate and split a revocation certificate for our signing key. See internal.git for details.
  • Update the public key in wiki/src/tails-signing.key.
  • Update references to the public key at least in wiki/src/doc/about/openpgp_keys.mdwn.
  • Create a ticket about updating our OpenPGP keys next year.

To be done at the summit during northern hemisphere Spring.


Related issues

Related to Tails - Feature #15890: Update our OpenPGP keys in 2019 Resolved 09/01/2018

History

#1 Updated by intrigeri about 1 month ago

  • Assignee set to intrigeri
  • Priority changed from Normal to High

On #15890, I postponed the key only up to October 2020, hoping we will have a summit in Spring where we can bump it again and replace our subkeys (some of them will be almost 3 years old once we're there). So for now I'll keep this on my radar for next Spring.

#2 Updated by intrigeri about 1 month ago

Also available in: Atom PDF