Which PGP keys sign which packages


The signing keys we use are:

  • The Tor Browser Developers (0x93298290), Mike Perry (0x0E3A92E4), Georg Koppen (0x4B7C3223), Nicolas Vigier (0xD0220E4B) and Linus Nordberg (0x23291265) sign the Tor Browser releases.
  • Roger Dingledine (0x28988BF5 and 0x19F78451) or Nick Mathewson (0x165733EA, or its subkey 0x8D29319A) signs the Tor source code tarballs.
  • Tor Project Archive (0x886DDD89) signs the deb.torproject.org repositories and archives.
  • Damian Johnson (0x9ABBEEC6) signs Arm releases.
  • The Tails team (0x58ACD84F) signs the Tails live system releases.
  • David Goulet (0x42E86A2A11F48D36) signs Torsocks releases.
  • Sukhbir Singh (0xB01C8B006DA77FAA) signs Tor Messenger and TorBirdy releases.
  • Other developers include Peter Palfrader (0xC82E0039, or its subkey 0xE1DEC577) and Jacob Appelbaum (0xFA7F0E44D487F03F).

The fingerprints for the keys should be:

    pub   1024D/28988BF5 2000-02-27
          Key fingerprint = B117 2656 DFF9 83C3 042B  C699 EB5A 896A 2898 8BF5
    uid                  Roger Dingledine <arma@mit.edu>

    pub   4096R/19F78451 2010-05-07
          Key fingerprint = F65C E37F 04BA 5B36 0AE6  EE17 C218 5258 19F7 8451
    uid                  Roger Dingledine <arma@torproject.org>
    sub   4096R/B0E5067D 2015-06-10 [expires: 2016-06-09]

    pub   3072R/165733EA 2004-07-03
          Key fingerprint = B35B F85B F194 89D0 4E28  C33C 2119 4EBB 1657 33EA
    uid                  Nick Mathewson <nickm@alum.mit.edu>
    uid                  Nick Mathewson <nickm@wangafu.net>
    uid                  Nick Mathewson <nickm@freehaven.net>
    sub   3072R/8D29319A 2004-07-03
    sub   3072R/F25B8E5E 2004-07-03

    pub   2048R/63FEE659 2003-10-16
          Key fingerprint = 8738 A680 B84B 3031 A630  F2DB 416F 0610 63FE E659
    uid                  Erinn Clark <erinn@torproject.org>
    sub   2048R/EB399FD7 2003-10-16

    pub   1024D/F1F5C9B5 2010-02-03
          Key fingerprint = C2E3 4CFC 13C6 2BD9 2C75  79B5 6B8A AEB1 F1F5 C9B5
    uid                  Erinn Clark <erinn@torproject.org>
    sub   1024g/7828F26A 2010-02-03

    pub   2048R/886DDD89 2009-09-04 [expires: 2020-08-29]
          Key fingerprint = A3C4 F0F9 79CA A22C DBA8  F512 EE8C BC9E 886D DD89
    uid                  deb.torproject.org archive signing key
    sub   2048R/219EC810 2009-09-04 [expires: 2018-08-30]

    pub   1024D/9ABBEEC6 2009-06-17
          Key fingerprint = 6827 8CC5 DD2D 1E85 C4E4  5AD9 0445 B7AB 9ABB EEC6
    uid                  Damian Johnson <atagar@torproject.org>
    sub   2048g/146276B2 2009-06-17
    sub   2048R/87F30690 2010-08-07

    pub   8192R/683686CC 2013-09-11
          Key fingerprint = C963 C21D 6356 4E2B 10BB  335B 2984 6B3C 6836 86CC
    uid                  Mike Perry (Regular use key) <mikeperry@torproject.org>
    sub   4096R/0F129402 2015-09-07 [expires: 2016-09-11]
    sub   4096R/ACC0A961 2015-09-07 [expires: 2016-09-11]

    pub   4096R/C5AA446D 2010-07-14
          Key fingerprint = 261C 5FBE 7728 5F88 FB0C  3432 66C8 C2D7 C5AA 446D
    uid                  Sebastian Hahn <mail@sebastianhahn.net>
    sub   2048R/A2499719 2010-07-14
    sub   2048R/140C961B 2010-07-14

    pub   4096R/C82E0039 2003-03-24
          Key fingerprint = 25FC 1614 B8F8 7B52 FF2F  99B9 62AF 4031 C82E 0039
    uid                  Peter Palfrader <peter@palfrader.org>
    uid                  Peter Palfrader <weasel@debian.org>

    pub   8192R/C11F6276 2012-07-21
          Key fingerprint = AD1A B35C 674D F572 FBCE  8B0A 6BC7 58CB C11F 6276
    uid                  David Fifield <david@bamsoftware.com>
    sub   4096R/D90A8E40 2012-07-21
    sub   4096R/5CD388E5 2012-07-21

    pub   4096R/23291265 2010-05-07
          Key fingerprint = 8C4C D511 095E 982E B0EF  BFA2 1E8B F349 2329 1265
    uid                  Linus Nordberg <linus@torproject.org>
    sub   4096R/B5F7D1B1 2016-04-14 [expires: 2017-04-14]

    pub   4096R/4B7C3223 2013-07-30
          Key fingerprint = 35CD 74C2 4A9B 15A1 9E1A  81A1 9437 3AA9 4B7C 3223
    uid                  Georg Koppen <gk@torproject.org>
    sub   4096R/24690903 2015-07-20 [expires: 2016-07-19]
    sub   4096R/631602F4 2015-07-20 [expires: 2016-07-19]

    pub   4096R/D0220E4B 2014-03-19
          Key fingerprint = 4A90 646C 0BAE D9D4 56AB  3111 E5B8 1856 D022 0E4B
    uid                      Nicolas Vigier (TBB Builds Signing Key) <boklm@torproject.org>

    pub   4096R/FA7F0E44D487F03F 2014-06-27 [expires: 2024-06-24]
          Key fingerprint = D6A9 48CF 297F 7539 30B4  756A FA7F 0E44 D487 F03F
    uid                          Jacob Appelbaum <jacob@torproject.org>
    sub   3072R/36A3F38A 2015-07-01 [expires: 2016-06-30]
    sub   3072R/45EDE84B 2015-07-01 [expires: 2016-06-30]

    pub   4096R/0x4E2C6E8793298290 2014-12-15 [expires: 2020-08-24]
          Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
    uid   Tor Browser Developers (signing key) <torbrowser@torproject.org>
    sub   4096R/0x2E1AC68ED40814E0 2014-12-15 [expires: 2017-08-25]
    sub   4096R/0x7017ADCEF65C2036 2014-12-15 [expires: 2017-08-25]

    pub   2048R/0x42E86A2A11F48D36 2011-05-11 [expires: 2016-05-09]
          Key fingerprint = B744 17ED DF22 AC9F 9E90  F491 42E8 6A2A 11F4 8D36
    uid                            David Goulet <dgoulet@torproject.org>
    sub   4096g/FE9D6620 2011-05-11 [expires: 2016-05-09]
    sub   4096R/93CC198D 2013-09-10 [expires: 2016-09-10]

    pub   4096R/0xB01C8B006DA77FAA 2016-02-25 [expires: 2020-02-24]
          Key fingerprint = E4AC D397 5427 A5BA 8450  A1BE B01C 8B00 6DA7 7FAA
    uid                            Sukhbir Singh <azadi@riseup.net>
    uid                            Sukhbir Singh <sukhbir@torproject.org>
    sub   4096R/0x1AF20C043D9F9289 2016-02-25 [expires: 2020-02-24]

    pub   4096R/58ACD84F 2015-01-18 [expires: 2017-01-11]
          Key fingerprint = A490 D0F4 D311 A415 3E2B  B7CA DBB8 02B2 58AC D84F
    uid                  Tails developers 
    sub   4096R/752A3DB6 2015-01-18 [expires: 2017-01-11]
    sub   4096R/2F699C56 2015-01-18 [expires: 2017-01-11]
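
Added example, not part of the original page or of Tor Project tooling: a shell check that compares a key's full primary fingerprint with the value listed above instead of relying on the short key ID. The function names and the two colon-format listings are constructed for illustration; only the Tor Browser Developers fingerprint and key IDs come from this page.

```shell
#!/bin/sh

# Tor Browser Developers fingerprint, copied from the list above.
EXPECTED='EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290'

# Drop whitespace and upper-case, so the grouped form above compares cleanly.
normalize() { printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'; }

# Print the primary-key fingerprint from `gpg --with-colons --fingerprint`
# output on stdin: the first fpr record after pub. Once a sub record is
# seen, later fpr records belong to subkeys and are ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; exit }'
}

# Succeed only if all 40 hex digits match; a matching short key ID
# (the last 8 digits) is not enough.
check_fpr() {    # $1 = expected fingerprint, stdin = colon listing
    got=$(primary_fpr)
    [ -n "$got" ] && [ "$(normalize "$got")" = "$(normalize "$1")" ]
}

# Constructed, abridged colon listing for the key above. The subkey
# fingerprint is a zero-padded placeholder, not a real value.
sample_listed_key() { cat <<'EOF'
pub:-:4096:1:4E2C6E8793298290:1418601600:::-:::scESC:
fpr:::::::::EF6E286DDA85EA2A4BA7DE684E2C6E8793298290:
uid:-::::1418601600::::Tor Browser Developers (signing key) <torbrowser@torproject.org>:
sub:-:4096:1:2E1AC68ED40814E0:1418601600::::::s:
fpr:::::::::0000000000000000000000002E1AC68ED40814E0:
EOF
}

# Constructed key that shares only the short ID 93298290 with the real one.
sample_same_short_id() { cat <<'EOF'
pub:-:4096:1:89ABCDEF93298290:1418601600:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF93298290:
uid:-::::1418601600::::Constructed look-alike <lookalike@example.invalid>:
EOF
}

# Real use: gpg --with-colons --fingerprint 0x4E2C6E8793298290 | check_fpr "$EXPECTED"
for s in sample_listed_key sample_same_short_id; do
    if "$s" | check_fpr "$EXPECTED"; then echo "$s: fingerprint matches"
    else echo "$s: fingerprint MISMATCH, do not trust this key"; fi
done
```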