We have a number of signing keys used for signing software releases. There are several keys because there are several different ways of signing software. This page aims to be the comprehensive list of all the release signing keys that we use.
We sign all of our releases using OpenPGP detached binary signatures in a .sig file.
EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
BBE2 0FD6 DA48 A3DD 4CC7 DF41 A801 183E 69B3 7AA9
1893 0780 A043 3A61 B8B2 17D6 97D0 5003 DA73 1A17
For easy installation on Ubuntu/Mint/etc. of our official releases, as well as backported software that we use, we have a Launchpad PPA with its own signing key provided by Launchpad:
We currently have two signing keys: a 4096-bit RSA key used for all new apps, and a 1024-bit RSA key that we use for all apps that we first released before 2014. You can download the full public keys and verify them using the OpenPGP signature:
4096-bit RSA
1024-bit RSA
Our official releases are also posted on our own FDroid repo, which is accessible at https://guardianproject.info/fdroid/repo. The signing key for that repo is available here:
The fingerprints for this signing key are:
Owner: EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US
Issuer: EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US
Serial number: a397b4da7ecda034
Valid from: Thu Jun 26 15:39:18 EDT 2014 until: Sun Nov 10 14:39:18 EST 2041
Certificate fingerprints:
    MD5: 8C:BE:60:6F:D7:7E:0D:2D:B8:06:B5:B9:AD:82:F5:5D
    SHA1: 63:9F:F1:76:2B:3E:28:EC:CE:DB:9E:01:7D:93:21:BE:90:89:CD:AD
    SHA256: B7:C2:EE:FD:8D:AC:78:06:AF:67:DF:CD:92:EB:18:12:6B:C0:83:12:A7:F2:D6:F3:86:2E:46:01:3C:7A:61:35
    Signature algorithm name: SHA1withRSA
    Version: 1
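For the OpenPGP detached .sig signatures described at the top of this page, the following is an added example (not Guardian Project's own tooling) that accepts a release only when gpg reports a good signature whose primary-key fingerprint is one of the four OpenPGP fingerprints listed above. Treating all four as acceptable signers, the FILE.sig naming, and the sample status lines are assumptions of this example.

```shell
#!/bin/sh
# Primary-key fingerprints published on this page, spaces removed.
# Assumption: any of the four is an acceptable release signer.
PINNED_FPRS="EE6620C7136B0D2C456C0A4DE9E28DEA00AA5556 \
5E61C8780F86295CE17D86779F0FE587374BBE81 \
BBE20FD6DA48A3DD4CC7DF41A801183E69B37AA9 \
18930780A0433A61B8B217D697D05003DA731A17"

# check_status: read `gpg --status-fd` lines on stdin. Succeeds only if gpg
# reported GOODSIG and every VALIDSIG names a pinned primary key. GOODSIG is
# required because VALIDSIG is also emitted for expired or revoked keys.
check_status() {
    awk -v pinned="$PINNED_FPRS" '
        BEGIN { n = split(pinned, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG" { good = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 12 is the primary-key fingerprint; field 3 is the key
            # that made the signature, which may be a signing subkey.
            fpr = toupper((NF >= 12) ? $12 : $3)
            if (fpr in ok) pinned_ok = 1; else bad = 1
        }
        END { if (good && pinned_ok && !bad) exit 0; exit 1 }
    '
}

# verify_release FILE: expects FILE.sig beside FILE (naming is an assumption)
# and the public keys already imported into the local gpg keyring.
verify_release() {
    gpg --batch --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null | check_status
}

# Constructed sample: a signature made by a subkey of the first pinned key.
SAMPLE_STATUS='[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2020-01-01 1577836800 0 4 0 1 8 00 EE6620C7136B0D2C456C0A4DE9E28DEA00AA5556'

if printf '%s\n' "$SAMPLE_STATUS" | check_status; then
    echo "sample: signed by a pinned key"
else
    echo "sample: REJECTED"
fi
```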