nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

GPG key rollover.

Browse Source 
This commit adds the new ids and fingerprints in the keys appendix of
the manual, and moves the old ones down into the historic-keys
section. I've tweaked a few pieces of wording for ongoing use, so that
they don't imply a specific number of past key rollovers.

The -pgpfp option in all the tools now shows the new Master Key
fingerprint and the previous (2015) one. I've adjusted all the uses of
the #defines in putty.h so that future rollovers should only have to
modify the #defines themselves.

Most importantly, sign.sh bakes in the ids of the current release and
snapshot keys, so that snapshots will automatically be signed with the
new snapshot key and the -r option will invoke the new release key.
This commit is contained in:
Simon Tatham 2018-08-25 14:36:25 +01:00
parent 9f6b59fa2e
commit 6c924ba862
6 changed files with 81 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
doc/pgpkeys.but
View File

@ -53,31 +53,25 @@ The current issue of those keys are available for download from the
PuTTY website, and are also available on PGP keyservers using the key PuTTY website, and are also available on PGP keyservers using the key
IDs listed below. IDs listed below.
\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2015.asc}{\s{Master Key}} \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2018.asc}{\s{Master Key} (2018)}
\dd RSA, 4096-bit. Key ID: \cw{4096R/04676F7C} (long version: \dd RSA, 4096-bit. Key ID: \cw{76BC7FE4EBFD2D9E}. Fingerprint:
\cw{4096R/AB585DC604676F7C}). Fingerprint: \cw{24E1\_B1C5\_75EA\_3C9F\_F752\_\_A922\_76BC\_7FE4\_EBFD\_2D9E}
\cw{440D\_E3B5\_B7A1\_CA85\_B3CC\_\_1718\_AB58\_5DC6\_0467\_6F7C}
\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2015.asc}{\s{Release Key}} \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2018.asc}{\s{Release Key} (2018)}
\dd RSA, 2048-bit. Key ID: \cw{2048R/B43434E4} (long version: \dd RSA, 3072-bit. Key ID: \cw{6289A25F4AE8DA82}. Fingerprint:
\cw{2048R/9DFE2648B43434E4}). Fingerprint: \cw{E273\_94AC\_A3F9\_D904\_9522\_\_E054\_6289\_A25F\_4AE8\_DA82}
\cw{0054\_DDAA\_8ADA\_15D2\_768A\_\_6DE7\_9DFE\_2648\_B434\_34E4}
\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2016.asc}{\s{Secure Contact Key}} \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2018.asc}{\s{Snapshot Key} (2018)}
\dd RSA, 2048-bit. Main key ID: \cw{2048R/8A0AF00B} (long version: \dd RSA, 3072-bit. Key ID: \cw{38BA7229B7588FD1}. Fingerprint:
\cw{2048R/C4FCAAD08A0AF00B}). Encryption subkey ID: \cw{C92B\_52E9\_9AB6\_1DDA\_33DB\_\_2B7A\_38BA\_7229\_B758\_8FD1}
\cw{2048R/50C2CF5C} (long version: \cw{2048R/9EB39CC150C2CF5C}).
Fingerprint:
\cw{8A26\_250E\_763F\_E359\_75F3\_\_118F\_C4FC\_AAD0\_8A0A\_F00B}
\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2015.asc}{\s{Snapshot Key}} \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2018.asc}{\s{Secure Contact Key} (2018)}
\dd RSA, 2048-bit. Key ID: \cw{2048R/D15F7E8A} (long version: \dd RSA, 3072-bit. Key ID: \cw{657D487977F95C98}. Fingerprint:
\cw{2048R/EEF20295D15F7E8A}). Fingerprint: \cw{A680\_0082\_2998\_6E46\_22CA\_\_0E43\_657D\_4879\_77F9\_5C98}
\cw{0A3B\_0048\_FE49\_9B67\_A234\_\_FEB6\_EEF2\_0295\_D15F\_7E8A}
\H{pgpkeys-security} Security details \H{pgpkeys-security} Security details
@ -156,28 +150,53 @@ once.
\H{pgpkeys-rollover} Key rollover \H{pgpkeys-rollover} Key rollover
Our current keys were generated in September 2015, except for the Our current keys were generated in August 2018.
Secure Contact Key which was generated in February 2016 (we didn't
think of it until later).
Prior to that, we had a much older set of keys generated in 2000. For Each new Master Key is signed with the old one, to show that it really
each of the key types above (other than the Secure Contact Key), we is owned by the same people and not substituted by an attacker.
provided both an RSA key \e{and} a DSA key (because at the time we
generated them, RSA was not in practice available to everyone, due to
export restrictions).
The new Master Key is signed with both of the old ones, to show that Each new Master Key also signs the previous Release Keys, in case
it really is owned by the same people and not substituted by an you're trying to verify the signatures on a release prior to the
attacker. Also, we have retrospectively signed the old Release Keys rollover and can find a chain of trust to those keys from any of the
with the new Master Key, in case you're trying to verify the people who have signed our new Master Key.
signatures on a release prior to the rollover and can find a chain of
trust to those keys from any of the people who have signed our new
Master Key.
Future releases will be signed with the up-to-date keys shown above. Each release is signed with the Release Key that was current at the
Releases prior to the rollover are signed with the old Release Keys. time of release. We don't go back and re-sign old releases with newly
generated keys.
For completeness, those old keys are given here: The details of all previous keys are given here.
\s{Key generated in 2016} (when we first introduced the Secure Contact Key)
\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2016.asc}{\s{Secure Contact Key} (2016)}
\dd RSA, 2048-bit. Main key ID: \cw{2048R/8A0AF00B} (long version:
\cw{2048R/C4FCAAD08A0AF00B}). Encryption subkey ID:
\cw{2048R/50C2CF5C} (long version: \cw{2048R/9EB39CC150C2CF5C}).
Fingerprint:
\cw{8A26\_250E\_763F\_E359\_75F3\_\_118F\_C4FC\_AAD0\_8A0A\_F00B}
\s{Keys generated in the 2015 rollover}
\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2015.asc}{\s{Master Key} (2015)}
\dd RSA, 4096-bit. Key ID: \cw{4096R/04676F7C} (long version:
\cw{4096R/AB585DC604676F7C}). Fingerprint:
\cw{440D\_E3B5\_B7A1\_CA85\_B3CC\_\_1718\_AB58\_5DC6\_0467\_6F7C}
\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2015.asc}{\s{Release Key} (2015)}
\dd RSA, 2048-bit. Key ID: \cw{2048R/B43434E4} (long version:
\cw{2048R/9DFE2648B43434E4}). Fingerprint:
\cw{0054\_DDAA\_8ADA\_15D2\_768A\_\_6DE7\_9DFE\_2648\_B434\_34E4}
\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2015.asc}{\s{Snapshot Key} (2015)}
\dd RSA, 2048-bit. Key ID: \cw{2048R/D15F7E8A} (long version:
\cw{2048R/EEF20295D15F7E8A}). Fingerprint:
\cw{0A3B\_0048\_FE49\_9B67\_A234\_\_FEB6\_EEF2\_0295\_D15F\_7E8A}
\s{Original keys generated in 2000} (two sets, RSA and DSA)
\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-rsa.asc}{\s{Master Key} (original RSA)} \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-rsa.asc}{\s{Master Key} (original RSA)}

16
putty.h
View File

@ -30,15 +30,17 @@
#define MAX_TICK_MINS (INT_MAX / (60 * TICKSPERSEC)) #define MAX_TICK_MINS (INT_MAX / (60 * TICKSPERSEC))
/* /*
* Fingerprints of the PGP master keys that can be used to establish a trust * Fingerprints of the current and previous PGP master keys, to
* path between an executable and other files. * establish a trust path between an executable and other files.
*/ */
#define PGP_MASTER_KEY_FP \ #define PGP_MASTER_KEY_YEAR "2018"
#define PGP_MASTER_KEY_DETAILS "RSA, 4096-bit"
#define PGP_MASTER_KEY_FP \
"24E1 B1C5 75EA 3C9F F752 A922 76BC 7FE4 EBFD 2D9E"
#define PGP_PREV_MASTER_KEY_YEAR "2015"
#define PGP_PREV_MASTER_KEY_DETAILS "RSA, 4096-bit"
#define PGP_PREV_MASTER_KEY_FP \
"440D E3B5 B7A1 CA85 B3CC 1718 AB58 5DC6 0467 6F7C" "440D E3B5 B7A1 CA85 B3CC 1718 AB58 5DC6 0467 6F7C"
#define PGP_RSA_MASTER_KEY_FP \
"8F 15 97 DA 25 30 AB 0D 88 D1 92 54 11 CF 0C 4C"
#define PGP_DSA_MASTER_KEY_FP \
"313C 3E76 4B74 C2C5 F2AE 83A8 4F5E 6DF5 6A93 B34E"
/* Three attribute types: /* Three attribute types:
* The ATTRs (normal attributes) are stored with the characters in * The ATTRs (normal attributes) are stored with the characters in

4
sign.sh
View File

@ -9,14 +9,14 @@
set -e set -e
keyname=EEF20295D15F7E8A keyname=38BA7229B7588FD1
preliminary=false preliminary=false
while :; do while :; do
case "$1" in case "$1" in
-r) -r)
shift shift
keyname=9DFE2648B43434E4 keyname=6289A25F4AE8DA82
;; ;;
-p) -p)
shift shift

10
unix/uxmisc.c
View File

@ -158,12 +158,12 @@ void pgp_fingerprints(void)
"one. See the manual for more information.\n" "one. See the manual for more information.\n"
"(Note: these fingerprints have nothing to do with SSH!)\n" "(Note: these fingerprints have nothing to do with SSH!)\n"
"\n" "\n"
"PuTTY Master Key as of 2015 (RSA, 4096-bit):\n" "PuTTY Master Key as of " PGP_MASTER_KEY_YEAR
" (" PGP_MASTER_KEY_DETAILS "):\n"
" " PGP_MASTER_KEY_FP "\n\n" " " PGP_MASTER_KEY_FP "\n\n"
"Original PuTTY Master Key (RSA, 1024-bit):\n" "Previous Master Key (" PGP_PREV_MASTER_KEY_YEAR
" " PGP_RSA_MASTER_KEY_FP "\n" ", " PGP_PREV_MASTER_KEY_DETAILS "):\n"
"Original PuTTY Master Key (DSA, 1024-bit):\n" " " PGP_PREV_MASTER_KEY_FP "\n", stdout);
" " PGP_DSA_MASTER_KEY_FP "\n", stdout);
} }
/* /*

10
windows/wincons.c
View File

@ -327,12 +327,12 @@ void pgp_fingerprints(void)
"one. See the manual for more information.\n" "one. See the manual for more information.\n"
"(Note: these fingerprints have nothing to do with SSH!)\n" "(Note: these fingerprints have nothing to do with SSH!)\n"
"\n" "\n"
"PuTTY Master Key as of 2015 (RSA, 4096-bit):\n" "PuTTY Master Key as of " PGP_MASTER_KEY_YEAR
" (" PGP_MASTER_KEY_DETAILS "):\n"
" " PGP_MASTER_KEY_FP "\n\n" " " PGP_MASTER_KEY_FP "\n\n"
"Original PuTTY Master Key (RSA, 1024-bit):\n" "Previous Master Key (" PGP_PREV_MASTER_KEY_YEAR
" " PGP_RSA_MASTER_KEY_FP "\n" ", " PGP_PREV_MASTER_KEY_DETAILS "):\n"
"Original PuTTY Master Key (DSA, 1024-bit):\n" " " PGP_PREV_MASTER_KEY_FP "\n", stdout);
" " PGP_DSA_MASTER_KEY_FP "\n", stdout);
} }
void console_provide_logctx(void *logctx) void console_provide_logctx(void *logctx)

10
windows/winutils.c
View File

@ -142,12 +142,12 @@ void pgp_fingerprints(void)
"one. See the manual for more information.\n" "one. See the manual for more information.\n"
"(Note: these fingerprints have nothing to do with SSH!)\n" "(Note: these fingerprints have nothing to do with SSH!)\n"
"\n" "\n"
"PuTTY Master Key as of 2015 (RSA, 4096-bit):\n" "PuTTY Master Key as of " PGP_MASTER_KEY_YEAR
" (" PGP_MASTER_KEY_DETAILS "):\n"
" " PGP_MASTER_KEY_FP "\n\n" " " PGP_MASTER_KEY_FP "\n\n"
"Original PuTTY Master Key (RSA, 1024-bit):\n" "Previous Master Key (" PGP_PREV_MASTER_KEY_YEAR
" " PGP_RSA_MASTER_KEY_FP "\n" ", " PGP_PREV_MASTER_KEY_DETAILS "):\n"
"Original PuTTY Master Key (DSA, 1024-bit):\n" " " PGP_PREV_MASTER_KEY_FP,
" " PGP_DSA_MASTER_KEY_FP,
"PGP fingerprints", MB_ICONINFORMATION | MB_OK, "PGP fingerprints", MB_ICONINFORMATION | MB_OK,
HELPCTXID(pgp_fingerprints)); HELPCTXID(pgp_fingerprints));
} }