Accueil Explorer Aide
S'inscrire Connexion
Apq
/
winscp
miroir de https://github.com/winscp/winscp.git
1
0
Fork 0
Fichiers Tickets 0 Wiki
Aborescence: aff4559cbd
Branches Tags
winscp
/
source
/
putty
/
doc
/
pgpkeys.but

pgpkeys.but 9.5 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235 
  1. \A{pgpkeys} PuTTY download keys and signatures
    2. 

  2. 

  3. \cfg{winhelp-topic}{pgpfingerprints}
    4. 

  4. 

  5. \I{verifying new versions}We create \i{GPG signatures} for all the PuTTY
    6. 

  6. files distributed from our web site, so that users can be confident
    7. 

  7. that the files have not been tampered with. Here we identify
    8. 

  8. our public keys, and explain our signature policy so you can have an
    9. 

  9. accurate idea of what each signature guarantees.
    10. 

  10. This description is provided as both a web page on the PuTTY site, and
    11. 

  11. an appendix in the PuTTY manual.
    12. 

  12. 

  13. As of release 0.58, all of the PuTTY executables contain fingerprint
    14. 

  14. material (usually accessed via the \i\c{-pgpfp} command-line
    15. 

  15. option), such that if you have an executable you trust, you can use
    16. 

  16. it to establish a trust path, for instance to a newer version
    17. 

  17. downloaded from the Internet.
    18. 

  18. 

  19. (Note that none of the keys, signatures, etc mentioned here have
    20. 

  20. anything to do with keys used with SSH - they are purely for verifying
    21. 

  21. the origin of files distributed by the PuTTY team.)
    22. 

  22. 

  23. \H{pgpkeys-pubkey} Public keys
    24. 

  24. 

  25. We maintain multiple keys, stored with different levels of security
    26. 

  26. due to being used in different ways. See \k{pgpkeys-security} below
    27. 

  27. for details.
    28. 

  28. 

  29. The keys we provide are:
    30. 

  30. 

  31. \dt Snapshot Key
    32. 

  32. 

  33. \dd Used to sign routine development builds of PuTTY: nightly
    34. 

  34. snapshots, pre-releases, and sometimes also custom diagnostic builds
    35. 

  35. we send to particular users.
    36. 

  36. 

  37. \dt Release Key
    38. 

  38. 

  39. \dd Used to sign manually released versions of PuTTY.
    40. 

  40. 

  41. \dt Secure Contact Key
    42. 

  42. 

  43. \dd An encryption-capable key suitable for people to send confidential
    44. 

  44. messages to the PuTTY team, e.g. reports of vulnerabilities.
    45. 

  45. 

  46. \dt Master Key
    47. 

  47. 

  48. \dd Used to tie all the above keys into the GPG web of trust. The
    49. 

  49. Master Key signs all the other keys, and other GPG users have signed
    50. 

  50. it in turn.
    51. 

  51. 

  52. The current issue of those keys are available for download from the
    53. 

  53. PuTTY website, and are also available on PGP keyservers using the key
    54. 

  54. IDs listed below.
    55. 

  55. 

  56. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2018.asc}{\s{Master Key} (2018)}
    57. 

  57. 

  58. \dd RSA, 4096-bit. Key ID: \cw{76BC7FE4EBFD2D9E}. Fingerprint:
    59. 

  59. \cw{24E1\_B1C5\_75EA\_3C9F\_F752\_\_A922\_76BC\_7FE4\_EBFD\_2D9E}
    60. 

  60. 

  61. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2018.asc}{\s{Release Key} (2018)}
    62. 

  62. 

  63. \dd RSA, 3072-bit. Key ID: \cw{6289A25F4AE8DA82}. Fingerprint:
    64. 

  64. \cw{E273\_94AC\_A3F9\_D904\_9522\_\_E054\_6289\_A25F\_4AE8\_DA82}
    65. 

  65. 

  66. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2018.asc}{\s{Snapshot Key} (2018)}
    67. 

  67. 

  68. \dd RSA, 3072-bit. Key ID: \cw{38BA7229B7588FD1}. Fingerprint:
    69. 

  69. \cw{C92B\_52E9\_9AB6\_1DDA\_33DB\_\_2B7A\_38BA\_7229\_B758\_8FD1}
    70. 

  70. 

  71. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2018.asc}{\s{Secure Contact Key} (2018)}
    72. 

  72. 

  73. \dd RSA, 3072-bit. Key ID: \cw{657D487977F95C98}. Fingerprint:
    74. 

  74. \cw{A680\_0082\_2998\_6E46\_22CA\_\_0E43\_657D\_4879\_77F9\_5C98}
    75. 

  75. 

  76. \H{pgpkeys-security} Security details
    77. 

  77. 

  78. The various keys have various different security levels. This
    79. 

  79. section explains what those security levels are, and how far you can
    80. 

  80. expect to trust each key.
    81. 

  81. 

  82. \S{pgpkeys-snapshot} The Development Snapshots key
    83. 

  83. 

  84. The Development Snapshots private key is stored \e{without a
    85. 

  85. passphrase}. This is necessary, because the snapshots are generated
    86. 

  86. every night without human intervention, so nobody would be able to
    87. 

  87. type a passphrase.
    88. 

  88. 

  89. The snapshots are built and signed on a team member's home computers,
    90. 

  90. before being uploaded to the web server from which you download them.
    91. 

  91. 

  92. Therefore, a signature from the Development Snapshots key \e{DOES}
    93. 

  93. protect you against:
    94. 

  94. 

  95. \b People tampering with the PuTTY binaries between the PuTTY web site
    96. 

  96. and you.
    97. 

  97. 

  98. \b The maintainers of our web server attempting to abuse their root
    99. 

  99. privilege to tamper with the binaries.
    100. 

  100. 

  101. But it \e{DOES NOT} protect you against:
    102. 

  102. 

  103. \b People tampering with the binaries before they are uploaded to our
    104. 

  104. download servers.
    105. 

  105. 

  106. \b People tampering with the build machines so that the next set of
    107. 

  107. binaries they build will be malicious in some way.
    108. 

  108. 

  109. \b People stealing the unencrypted private key from the build machine
    110. 

  110. it lives on.
    111. 

  111. 

  112. Of course, we take all reasonable precautions to guard the build
    113. 

  113. machines. But when you see a signature, you should always be certain
    114. 

  114. of precisely what it guarantees and precisely what it does not.
    115. 

  115. 

  116. \S{pgpkeys-release} The Releases key
    117. 

  117. 

  118. The Releases key is more secure: because it is only used at release
    119. 

  119. time, to sign each release by hand, we can store it encrypted.
    120. 

  120. 

  121. The Releases private key is kept encrypted on the developers' own
    122. 

  122. local machines. So an attacker wanting to steal it would have to also
    123. 

  123. steal the passphrase.
    124. 

  124. 

  125. \S{pgpkeys-contact} The Secure Contact Key
    126. 

  126. 

  127. The Secure Contact Key is stored with a similar level of security to
    128. 

  128. the Release Key: it is stored with a passphrase, and no automated
    129. 

  129. script has access to it.
    130. 

  130. 

  131. \S{pgpkeys-master} The Master Keys
    132. 

  132. 

  133. The Master Key signs almost nothing. Its purpose is to bind the other
    134. 

  134. keys together and certify that they are all owned by the same people
    135. 

  135. and part of the same integrated setup. The only signatures produced by
    136. 

  136. the Master Key, \e{ever}, should be the signatures on the other keys.
    137. 

  137. 

  138. The Master Key is especially long, and its private key and passphrase
    139. 

  139. are stored with special care.
    140. 

  140. 

  141. We have collected some third-party signatures on the Master Key, in
    142. 

  142. order to increase the chances that you can find a suitable trust path
    143. 

  143. to them.
    144. 

  144. 

  145. We have uploaded our various keys to public keyservers, so that
    146. 

  146. even if you don't know any of the people who have signed our
    147. 

  147. keys, you can still be reasonably confident that an attacker would
    148. 

  148. find it hard to substitute fake keys on all the public keyservers at
    149. 

  149. once.
    150. 

  150. 

  151. \H{pgpkeys-rollover} Key rollover
    152. 

  152. 

  153. Our current keys were generated in August 2018.
    154. 

  154. 

  155. Each new Master Key is signed with the old one, to show that it really
    156. 

  156. is owned by the same people and not substituted by an attacker.
    157. 

  157. 

  158. Each new Master Key also signs the previous Release Keys, in case
    159. 

  159. you're trying to verify the signatures on a release prior to the
    160. 

  160. rollover and can find a chain of trust to those keys from any of the
    161. 

  161. people who have signed our new Master Key.
    162. 

  162. 

  163. Each release is signed with the Release Key that was current at the
    164. 

  164. time of release. We don't go back and re-sign old releases with newly
    165. 

  165. generated keys.
    166. 

  166. 

  167. The details of all previous keys are given here.
    168. 

  168. 

  169. \s{Key generated in 2016} (when we first introduced the Secure Contact Key)
    170. 

  170. 

  171. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2016.asc}{\s{Secure Contact Key} (2016)}
    172. 

  172. 

  173. \dd RSA, 2048-bit. Main key ID: \cw{2048R/8A0AF00B} (long version:
    174. 

  174. \cw{2048R/C4FCAAD08A0AF00B}). Encryption subkey ID:
    175. 

  175. \cw{2048R/50C2CF5C} (long version: \cw{2048R/9EB39CC150C2CF5C}).
    176. 

  176. Fingerprint:
    177. 

  177. \cw{8A26\_250E\_763F\_E359\_75F3\_\_118F\_C4FC\_AAD0\_8A0A\_F00B}
    178. 

  178. 

  179. \s{Keys generated in the 2015 rollover}
    180. 

  180. 

  181. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2015.asc}{\s{Master Key} (2015)}
    182. 

  182. 

  183. \dd RSA, 4096-bit. Key ID: \cw{4096R/04676F7C} (long version:
    184. 

  184. \cw{4096R/AB585DC604676F7C}). Fingerprint:
    185. 

  185. \cw{440D\_E3B5\_B7A1\_CA85\_B3CC\_\_1718\_AB58\_5DC6\_0467\_6F7C}
    186. 

  186. 

  187. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2015.asc}{\s{Release Key} (2015)}
    188. 

  188. 

  189. \dd RSA, 2048-bit. Key ID: \cw{2048R/B43434E4} (long version:
    190. 

  190. \cw{2048R/9DFE2648B43434E4}). Fingerprint:
    191. 

  191. \cw{0054\_DDAA\_8ADA\_15D2\_768A\_\_6DE7\_9DFE\_2648\_B434\_34E4}
    192. 

  192. 

  193. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2015.asc}{\s{Snapshot Key} (2015)}
    194. 

  194. 

  195. \dd RSA, 2048-bit. Key ID: \cw{2048R/D15F7E8A} (long version:
    196. 

  196. \cw{2048R/EEF20295D15F7E8A}). Fingerprint:
    197. 

  197. \cw{0A3B\_0048\_FE49\_9B67\_A234\_\_FEB6\_EEF2\_0295\_D15F\_7E8A}
    198. 

  198. 

  199. \s{Original keys generated in 2000} (two sets, RSA and DSA)
    200. 

  200. 

  201. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-rsa.asc}{\s{Master Key} (original RSA)}
    202. 

  202. 

  203. \dd RSA, 1024-bit. Key ID: \cw{1024R/1E34AC41} (long version:
    204. 

  204. \cw{1024R/9D5877BF1E34AC41}). Fingerprint:
    205. 

  205. \cw{8F\_15\_97\_DA\_25\_30\_AB\_0D\_\_88\_D1\_92\_54\_11\_CF\_0C\_4C}
    206. 

  206. 

  207. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-dsa.asc}{\s{Master Key} (original DSA)}
    208. 

  208. 

  209. \dd DSA, 1024-bit. Key ID: \cw{1024D/6A93B34E} (long version:
    210. 

  210. \cw{1024D/4F5E6DF56A93B34E}). Fingerprint:
    211. 

  211. \cw{313C\_3E76\_4B74\_C2C5\_F2AE\_\_83A8\_4F5E\_6DF5\_6A93\_B34E}
    212. 

  212. 

  213. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-rsa.asc}{\s{Release Key} (original RSA)}
    214. 

  214. 

  215. \dd RSA, 1024-bit. Key ID: \cw{1024R/B41CAE29} (long version:
    216. 

  216. \cw{1024R/EF39CCC0B41CAE29}). Fingerprint:
    217. 

  217. \cw{AE\_65\_D3\_F7\_85\_D3\_18\_E0\_\_3B\_0C\_9B\_02\_FF\_3A\_81\_FE}
    218. 

  218. 

  219. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-dsa.asc}{\s{Release Key} (original DSA)}
    220. 

  220. 

  221. \dd DSA, 1024-bit. Key ID: \cw{1024D/08B0A90B} (long version:
    222. 

  222. \cw{1024D/FECD6F3F08B0A90B}). Fingerprint:
    223. 

  223. \cw{00B1\_1009\_38E6\_9800\_6518\_\_F0AB\_FECD\_6F3F\_08B0\_A90B}
    224. 

  224. 

  225. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-rsa.asc}{\s{Snapshot Key} (original RSA)}
    226. 

  226. 

  227. \dd RSA, 1024-bit. Key ID: \cw{1024R/32B903A9} (long version:
    228. 

  228. \cw{1024R/FAAED21532B903A9}). Fingerprint:
    229. 

  229. \cw{86\_8B\_1F\_79\_9C\_F4\_7F\_BD\_\_8B\_1B\_D7\_8E\_C6\_4E\_4C\_03}
    230. 

  230. 

  231. \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-dsa.asc}{\s{Snapshot Key} (original DSA)}
    232. 

  232. 

  233. \dd DSA, 1024-bit. Key ID: \cw{1024D/7D3E4A00} (long version:
    234. 

  234. \cw{1024D/165E56F77D3E4A00}). Fingerprint:
    235. 

  235. \cw{63DD\_8EF8\_32F5\_D777\_9FF0\_\_2947\_165E\_56F7\_7D3E\_4A00}
    236.