corner image corner image corner image corner image Archive Signing Keys

This page contains information on the current and past archive signing keys. The release files are signed by an automatic archive signing key in order to allow verification that software being downloaded has not been interfered with.

Please note that as this page is not available by a secure mechanism (for instance https), you cannot rely on keys or information available here for verification purposes. The details here are for information only.

Which release should be signed with which key?

Stable releases are signed by both the ftp-master automatic archive signing key in use at the time of the release, and a per-release stable key. Release files for other releases (proposed-updates, testing, testing-proposed-updates, unstable and experimental) are signed only by the ftp-master automatic key.

The security archive is signed by the normal ftp-master key only.

The current procedure is that there is one ftp-master key per release (former procedure introduced a new key once per year).

Archive Keys

Active Signing Keys

The current (2007/etch) key can be downloaded here

Upcoming Signing Keys

The new key, which will be used after the 4.0 key expires or after Lenny r1 is released, can be downloaded here. (The debian-devel announcement regarding this key can be read at http://lists.debian.org/debian-devel-announce/2009/01/msg00008.html)

Stable Keys

etch

The fingerprint of the etch stable release key is 7EA3 91D7 2477 203B 58C0 4FBC B5D0 C804 ADB1 1277

lenny

The fingerprint of the lenny stable release key is 7F5A 4445 4C72 4A65 CBCD 4FB1 4D27 0D06 F425 84E6

Retired Signing Keys

The following retired and in most cases expired keys are available. Note that these keys are no longer in use and are listed here for reference purposes only:

Key Replacement Procedure

When the archive key is to be replaced, a new key will be generated by one of the ftpmasters. This key will then be signed by that ftpmaster and other ftpmasters and members of the ftpteam (including verification by phone call of the fingerprint and other details of the key to be signed).

Once the new key is prepared, it will be placed on this page, put into the relevant archive packages and announced to debian-devel-announce well in advance of being used.

Key Revocation Procedure

A revokation certificate for the archive key is produced at the time of the creation of an archive key. The program gfshare (package libgfshare-bin) (a Shamir's secret sharing scheme implementation) is then used to produce 12 shares of which 7 are needed to recover the revokation cert. This procedure is for use in emergencies only (such as losing ftp-master.debian.org and all of the backups, a hopefully unlikely event) as the key can normally be used to produce its own revokation certificate.

Key Backup / Restore Procedure

After the creation of the archive key, the secret part of it will be backed up in one additional way. The program gfshare (package libgfshare-bin) (a Shamir's secret sharing scheme implementation) is used to produce 14 shares of which 9 are needed to recover the secret key.

SSSS holders

The following people each hold one of the shares of the revocation certificate / private key.

Revocation shares

7 of those shares are needed to reproduce the revocation certificate

Debian uidName
shoSamuel Hocevar
donDon Armstrong
neilmNeil McGovern
djpigFrank Lichtenheld
jimmyJimmy Kaplowitz
killerKalle Kivimaa
noodlesJonathan McDowell
rraRuss Allbery
margaMargarita Manterola
thijsThijs Kinkhorst
meikeMeike Reichle
miriamMiriam Ruiz

Key shares

9 of those shares are needed to reproduce the secret key

Debian uidName
lukLuk Claes
maxxMartin Wuertele
adeodatoAdeodato Simó
myonChristoph Berg
93samSteve McIntyre
bdaleBdale Garbee
sgranStephen Gran
dannfDann Frazier
weaselPeter Palfrader
enricoEnrico Zini
wouterWouter Verhelst
mhyMark Hymers
bzedBernd Zeimetz
stewMike O'Connor

Debian FTP team