nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-04-20 20:45:02 -05:00
Code Issues Projects Releases Wiki Activity

Key rollover: rewrite the PGP keys manual appendix.

Browse Source 
This gives pride of place to the new set of keys we've recently
generated, and relegates the old ones to an afterthought.
This commit is contained in:
Simon Tatham 2015-09-02 18:24:39 +01:00
parent 1e0e96204d
commit bb68baf53b
2 changed files with 131 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/index.but
View File

@ -843,8 +843,9 @@ saved sessions from
\IM{version of PuTTY} version, of PuTTY \IM{version of PuTTY} version, of PuTTY
\IM{PGP signatures} PGP signatures, of PuTTY binaries \IM{GPG signatures} PGP signatures, of PuTTY binaries
\IM{PGP signatures} signatures, of PuTTY binaries \IM{GPG signatures} GPG signatures, of PuTTY binaries
\IM{GPG signatures} signatures, of PuTTY binaries
\IM{logical host name} logical host name \IM{logical host name} logical host name
\IM{logical host name} host name, logical \IM{logical host name} host name, logical

202
doc/pgpkeys.but
View File

@ -2,7 +2,7 @@
\cfg{winhelp-topic}{pgpfingerprints} \cfg{winhelp-topic}{pgpfingerprints}
\I{verifying new versions}We create \i{PGP signatures} for all the PuTTY \I{verifying new versions}We create \i{GPG signatures} for all the PuTTY
files distributed from our web site, so that users can be confident files distributed from our web site, so that users can be confident
that the files have not been tampered with. Here we identify that the files have not been tampered with. Here we identify
our public keys, and explain our signature policy so you can have an our public keys, and explain our signature policy so you can have an
@ -22,40 +22,49 @@ the origin of files distributed by the PuTTY team.)
\H{pgpkeys-pubkey} Public keys \H{pgpkeys-pubkey} Public keys
We supply two complete sets of keys. We supply a set of RSA keys, We maintain a set of three keys, stored with different levels of
compatible with both \W{http://www.gnupg.org/}{GnuPG} and PGP2, security due to being used in different ways. See \k{pgpkeys-security}
and also a set of DSA keys compatible with GnuPG. below for details.
In each format, we have three keys: The three keys we provide are:
\b A Development Snapshots key, used to sign the nightly builds. \dt Snapshot Key
\b A Releases key, used to sign actual releases. \dd Used to sign routine development builds of PuTTY: nightly
snapshots, pre-releases, and sometimes also custom diagnostic builds
we send to particular users.
\b A Master Key. The Master Key is used to sign the other two keys, and \dt Release Key
they sign it in return.
Therefore, we have six public keys in total: \dd Used to sign manually released versions of PuTTY.
\b RSA: \dt Master Key
\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-rsa.asc}{Master Key},
\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-rsa.asc}{Release key},
\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-rsa.asc}{Snapshot key}
\lcont{ \dd Used to tie the other two keys into the GPG web of trust. The
Master Key: 1024-bit; \I{PGP key fingerprint}fingerprint: Master Key signs the other two keys, and other GPG users have signed
\cw{8F\_15\_97\_DA\_25\_30\_AB\_0D\_\_88\_D1\_92\_54\_11\_CF\_0C\_4C} it in turn.
}
\b DSA: The current issue of those three keys are available for download from
\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-dsa.asc}{Master Key}, the PuTTY website, and are also available on PGP keyservers using the
\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-dsa.asc}{Release key}, key IDs listed below.
\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-dsa.asc}{Snapshot key}
\lcont{ \dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2015.asc}{\s{Master Key}}
Master Key: 1024-bit; fingerprint:
\cw{313C\_3E76\_4B74\_C2C5\_F2AE\_\_83A8\_4F5E\_6DF5\_6A93\_B34E} \dd RSA, 4096-bit. Key ID: \cw{4096R/04676F7C} (long version:
} \cw{4096R/AB585DC604676F7C}). Fingerprint:
\cw{440D\_E3B5\_B7A1\_CA85\_B3CC\_\_1718\_AB58\_5DC6\_0467\_6F7C}
\dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2015.asc}{\s{Release Key}}
\dd RSA, 2048-bit. Key ID: \cw{2048R/B43434E4} (long version:
\cw{2048R/9DFE2648B43434E4}). Fingerprint:
\cw{0054\_DDAA\_8ADA\_15D2\_768A\_\_6DE7\_9DFE\_2648\_B434\_34E4}
\dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2015.asc}{\s{Snapshot Key}}
\dd RSA, 2048-bit. Key ID: \cw{2048R/D15F7E8A} (long version:
\cw{2048R/EEF20295D15F7E8A}). Fingerprint:
\cw{0A3B\_0048\_FE49\_9B67\_A234\_\_FEB6\_EEF2\_0295\_D15F\_7E8A}
\H{pgpkeys-security} Security details \H{pgpkeys-security} Security details
@ -63,77 +72,122 @@ The various keys have various different security levels. This
section explains what those security levels are, and how far you can section explains what those security levels are, and how far you can
expect to trust each key. expect to trust each key.
\S{pgpkeys-snapshot} The Development Snapshots keys \S{pgpkeys-snapshot} The Development Snapshots key
These keys are stored \e{without passphrases}. This is The Development Snapshots private key is stored \e{without a
necessary, because the snapshots are generated every night without passphrase}. This is necessary, because the snapshots are generated
human intervention, so nobody would be able to type a passphrase. every night without human intervention, so nobody would be able to
type a passphrase.
The actual snapshots are built on a team member's home Windows box. The snapshots are built and signed on a team member's home computers,
The keys themselves are stored on an independently run Unix box before being uploaded to the web server from which you download them.
(the same one that hosts our Git repository). After
being built, the binaries are uploaded to this Unix box and then
signed automatically.
Therefore, a signature from one of the Development Snapshots keys Therefore, a signature from the Development Snapshots key \e{DOES}
\e{DOES} protect you against: protect you against:
\b People tampering with the PuTTY binaries between the PuTTY web site \b People tampering with the PuTTY binaries between the PuTTY web site
and you. and you.
\b The maintainers of our web server attempting to abuse their root
privilege to tamper with the binaries.
But it \e{DOES NOT} protect you against: But it \e{DOES NOT} protect you against:
\b People tampering with the binaries before they are uploaded to the \b People tampering with the binaries before they are uploaded to our
independent Unix box. download servers.
\b The sysadmin of the independent Unix box using his root privilege to \b People tampering with the build machines so that the next set of
steal the private keys and abuse them, or tampering with the binaries they build will be malicious in some way.
binaries before they are signed.
\b Somebody getting root on the Unix box. \b People stealing the unencrypted private key from the build machine
it lives on.
Of course, we don't believe any of those things is very likely. We Of course, we take all reasonable precautions to guard the build
know our sysadmin personally and trust him (both to be competent and machines. But when you see a signature, you should always be certain
to be non-malicious), and we take all reasonable precautions to of precisely what it guarantees and precisely what it does not.
guard the build machine. But when you see a signature, you should
always be certain of precisely what it guarantees and precisely what
it does not.
\S{pgpkeys-release} The Releases keys \S{pgpkeys-release} The Releases key
The Release keys have passphrases and we can be more careful about The Releases key is more secure: because it is only used at release
how we use them. time, to sign each release by hand, we can store it encrypted.
The Release keys are kept safe on the developers' own local The Releases private key is kept encrypted on the developers' own
machines, and only used to sign releases that have been built by local machines. So an attacker wanting to steal it would have to also
hand. A signature from a Release key protects you from almost any steal the passphrase.
plausible attack.
(Some of the developers' machines have cable modem connections and
might in theory be crackable, but of course the private keys are
still encrypted, so the crack would have to go unnoticed for long
enough to steal a passphrase.)
\S{pgpkeys-master} The Master Keys \S{pgpkeys-master} The Master Keys
The Master Keys sign almost nothing. Their purpose is to bind the The Master Key signs almost nothing. Its purpose is to bind the other
other keys together and certify that they are all owned by the same keys together and certify that they are all owned by the same people
people and part of the same integrated setup. The only signatures and part of the same integrated setup. The only signatures produced by
produced by the Master Keys, \e{ever}, should be the signatures the Master Key, \e{ever}, should be the signatures on the other keys.
on the other keys.
We intend to arrange for the Master Keys to sign each other, to The Master Key is especially long, and its private key and passphrase
certify that the DSA keys and RSA keys are part of the same setup. are stored with special care.
We have not yet got round to this at the time of writing.
We have collected a few third-party signatures on the Master Keys, We have collected some third-party signatures on the Master Key, in
in order to increase the chances that you can find a suitable trust order to increase the chances that you can find a suitable trust path
path to them. We intend to collect more. (Note that the keys on the to them.
keyservers appear to have also collected some signatures from people
who haven't performed any verification of the Master Keys.)
We have uploaded our various keys to public keyservers, so that We have uploaded our various keys to public keyservers, so that
even if you don't know any of the people who have signed our even if you don't know any of the people who have signed our
keys, you can still be reasonably confident that an attacker would keys, you can still be reasonably confident that an attacker would
find it hard to substitute fake keys on all the public keyservers at find it hard to substitute fake keys on all the public keyservers at
once. once.
\H{pgpkeys-rollover} Key rollover
Our current three keys were generated in September 2015. Prior to
that, we had a much older set of keys generated in 2000. For each of
the three key types above, we provided both an RSA key \e{and} a DSA
key (because at the time we generated them, RSA was not in practice
available to everyone, due to export restrictions).
The new Master Key is signed with both of the old ones, to show that
it really is owned by the same people and not substituted by an
attacker. Also, we have retrospectively signed the old Release Keys
with the new Master Key, in case you're trying to verify the
signatures on a release prior to the rollover and can find a chain of
trust to those keys from any of the people who have signed our new
Master Key.
Future releases will be signed with the up-to-date keys shown above.
Releases prior to the rollover are signed with the old Release Keys.
For completeness, those old keys are given here:
\dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-rsa.asc}{\s{Master Key} (original RSA)}
\dd RSA, 1024-bit. Key ID: \cw{1024R/1E34AC41} (long version:
\cw{1024R/9D5877BF1E34AC41}). Fingerprint:
\cw{8F\_15\_97\_DA\_25\_30\_AB\_0D\_\_88\_D1\_92\_54\_11\_CF\_0C\_4C}
\dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-rsa.asc}{\s{Master Key} (original DSA)}
\dd DSA, 1024-bit. Key ID: \cw{1024D/6A93B34E} (long version:
\cw{1024D/4F5E6DF56A93B34E}). Fingerprint:
\cw{313C\_3E76\_4B74\_C2C5\_F2AE\_\_83A8\_4F5E\_6DF5\_6A93\_B34E}
\dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-rsa.asc}{\s{Release Key} (original RSA)}
\dd RSA, 1024-bit. Key ID: \cw{1024R/B41CAE29} (long version:
\cw{1024R/EF39CCC0B41CAE29}). Fingerprint:
\cw{AE\_65\_D3\_F7\_85\_D3\_18\_E0\_\_3B\_0C\_9B\_02\_FF\_3A\_81\_FE}
\dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-rsa.asc}{\s{Release Key} (original DSA)}
\dd DSA, 1024-bit. Key ID: \cw{1024D/08B0A90B} (long version:
\cw{1024D/FECD6F3F08B0A90B}). Fingerprint:
\cw{00B1\_1009\_38E6\_9800\_6518\_\_F0AB\_FECD\_6F3F\_08B0\_A90B}
\dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-rsa.asc}{\s{Snapshot Key} (original RSA)}
\dd RSA, 1024-bit. Key ID: \cw{1024R/32B903A9} (long version:
\cw{1024R/FAAED21532B903A9}). Fingerprint:
\cw{86\_8B\_1F\_79\_9C\_F4\_7F\_BD\_\_8B\_1B\_D7\_8E\_C6\_4E\_4C\_03}
\dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-rsa.asc}{\s{Snapshot Key} (original DSA)}
\dd DSA, 1024-bit. Key ID: \cw{1024D/7D3E4A00} (long version:
\cw{1024D/165E56F77D3E4A00}). Fingerprint:
\cw{63DD\_8EF8\_32F5\_D777\_9FF0\_\_2947\_165E\_56F7\_7D3E\_4A00}