Feature #15890
Update our OpenPGP keys in 2019
100%
Description
What we’re supposed to do each year:
- Bump the master key’s expiration date by 1 year.
- Generate a new signing subkey for each RM, and move it onto new smartcards (the old ones are still needed to keep the previous subkey during the transition period).
- If needed, generate and split a revocation certificate for our signing key. See internal.git for details.
- Update the public key in
wiki/src/tails-signing.key
. - Update references to the public key at least in
wiki/src/doc/about/openpgp_keys.mdwn
. - Create a ticket about updating our OpenPGP keys next year.
To be done at the summit during northern hemisphere summer.
Subtasks
Feature #15891: Ensure we have enough OpenPGP smartcard/GNUK hardware for our 2019 keys update | Resolved | 0 |
Related issues
Related to Tails - |
Resolved | 2019-01-08 | |
Related to Tails - Bug #17133: Update our OpenPGP keys in 2020 | Confirmed | ||
Copied from Tails - |
Resolved | 2017-09-01 |
History
#1 Updated by intrigeri 2018-09-01 09:50:25
- copied from
Feature #14484: Update our OpenPGP keys in 2018 added
#2 Updated by intrigeri 2018-09-01 09:56:57
- Description updated
#3 Updated by sajolida 2019-01-10 09:46:35
- related to
Bug #16327: Certify the key of tails-{fundraising,mirrors,sysadmins}@boum.org with the signing key added
#4 Updated by sajolida 2019-01-10 09:47:22
This could be a good time to do Bug #16327.
If I’m part of the people doing the ritual (like last year) I don’t mind working on this.
#5 Updated by intrigeri 2019-04-13 08:23:25
- Status changed from In Progress to Confirmed
#6 Updated by intrigeri 2019-04-13 08:23:46
- Target version changed from 2019 to Tails_3.16
#7 Updated by intrigeri 2019-04-25 13:40:56
> To be done at the summit during northern hemisphere summer.
Except the summit will happen much later, quite possibly too late, so we’ll need to find some other way to fix that.
#8 Updated by intrigeri 2019-04-25 16:19:13
Given the RMs won’t meet in person at the right time for the necessary key update in ~August, there’s no way we give them new signing subkeys on OpenPGP hardware in due time. So we have no choice but to:
- by the end of October: enough Tails folks meet to postpone the expiration date of the master (sic) key and the RM’s signing subkeys; I’ll try my best to make this happen
- ship these updated pubkeys in Tails 3.17 so updates from 3.17 to the next couple releases work
- next time enough RMs meet (probably November): generate fresh subkeys and move them to hardware tokens
- at some well chosen time after that, switch to the new subkeys when signing stuff
#9 Updated by intrigeri 2019-08-05 08:29:09
- Priority changed from Normal to High
#10 Updated by intrigeri 2019-08-29 06:38:41
- Target version changed from Tails_3.16 to Tails_3.17
#11 Updated by intrigeri 2019-09-12 14:25:21
- Target version changed from Tails_3.17 to Tails_4.0
#12 Updated by intrigeri 2019-10-08 13:13:55
- Status changed from Confirmed to In Progress
Applied in changeset commit:tails|316b4e889b88891b9759693e77e83d76a1917370.
#13 Updated by intrigeri 2019-10-08 13:24:46
- Status changed from In Progress to Needs Validation
- Assignee deleted (
intrigeri)
Bumped expiration date on the master branch, see the 2 commits that are cross-referenced with this ticket.
> * Create a ticket about updating our OpenPGP keys next year.
#14 Updated by intrigeri 2019-10-08 13:24:54
- related to Bug #17133: Update our OpenPGP keys in 2020 added
#15 Updated by anonym 2019-10-18 11:53:31
- Status changed from Needs Validation to Resolved
Everything looks in order to me!