Приложение F: PuTTY download keys and signatures
предыдущая глава | содержание | следующая глава
We create GPG signatures for all the PuTTY files distributed from our web site, so that users can be confident that the files have not been tampered with. Here we identify our public keys, and explain our signature policy so you can have an accurate idea of what each signature guarantees. This description is provided as both a web page on the PuTTY site, and an appendix in the PuTTY manual.
As of release 0.58, all of the PuTTY executables contain fingerprint material (usually accessed via the -pgpfp
command-line option), such that if you have an executable you trust, you can use it to establish a trust path, for instance to a newer version downloaded from the Internet.
As of release 0.67, the Windows executables and installer also contain built-in signatures that are automatically verified by Windows' own mechanism («Authenticode»). The keys used for that are different, and are not covered here.
See question A.9.18 in the FAQ for some gotchas when verifying checksums and signatures.
(Note that none of the keys, signatures, etc mentioned here have anything to do with keys used with SSH - they are purely for verifying the origin of files distributed by the PuTTY team.)
F.1 Public keys
We maintain multiple keys, stored with different levels of security due to being used in different ways. See section F.2 below for details.
The keys we provide are:
- Snapshot Key
- Used to sign routine development builds of PuTTY: nightly snapshots, pre-releases, and sometimes also custom diagnostic builds we send to particular users.
- Release Key
- Used to sign manually released versions of PuTTY.
- Secure Contact Key
- An encryption-capable key suitable for people to send confidential messages to the PuTTY team, e.g. reports of vulnerabilities.
- Master Key
- Used to tie all the above keys into the GPG web of trust. The Master Key signs all the other keys, and other GPG users have signed it in turn.
The current issue of those keys are available for download from the PuTTY website, and are also available on PGP keyservers using the key IDs listed below.
- Master Key (2023)
- RSA, 4096-bit. Key ID:
B15D9EFC216B06A1
. Fingerprint:28D4 7C46 55E7 65A6 D827 AC66 B15D 9EFC 216B 06A1
- Release Key (2023)
- RSA, 3072-bit. Key ID:
1993D21BCAD1AA77
. Fingerprint:F412 BA3A A30F DC0E 77B4 E387 1993 D21B CAD1 AA77
- Snapshot Key (2023)
- RSA, 3072-bit. Key ID:
10625E553F53FAAD
. Fingerprint:74CC 6DD9 ABA7 31D4 C5A0 C2D0 1062 5E55 3F53 FAAD
- Secure Contact Key (2023)
- RSA, 3072-bit. Key ID:
1559F6A8929F5EFC
. Fingerprint:01F5 A2B1 1388 D64B 707F 897F 1559 F6A8 929F 5EFC
F.2 Security details
The various keys have various different security levels. This section explains what those security levels are, and how far you can expect to trust each key.
F.2.1 The Development Snapshots key
The Development Snapshots private key is stored without a passphrase. This is necessary, because the snapshots are generated every night without human intervention, so nobody would be able to type a passphrase.
The snapshots are built and signed on a team member's home computers, before being uploaded to the web server from which you download them.
Therefore, a signature from the Development Snapshots key DOES protect you against:
- People tampering with the PuTTY binaries between the PuTTY web site and you.
- The maintainers of our web server attempting to abuse their root privilege to tamper with the binaries.
But it DOES NOT protect you against:
- People tampering with the binaries before they are uploaded to our download servers.
- People tampering with the build machines so that the next set of binaries they build will be malicious in some way.
- People stealing the unencrypted private key from the build machine it lives on.
Of course, we take all reasonable precautions to guard the build machines. But when you see a signature, you should always be certain of precisely what it guarantees and precisely what it does not.
F.2.2 The Releases key
The Releases key is more secure: because it is only used at release time, to sign each release by hand, we can store it encrypted.
The Releases private key is kept encrypted on the developers' own local machines. So an attacker wanting to steal it would have to also steal the passphrase.
F.2.3 The Secure Contact Key
The Secure Contact Key is stored with a similar level of security to the Release Key: it is stored with a passphrase, and no automated script has access to it.
F.2.4 The Master Keys
The Master Key signs almost nothing. Its purpose is to bind the other keys together and certify that they are all owned by the same people and part of the same integrated setup. The only signatures produced by the Master Key, ever, should be the signatures on the other keys.
The Master Key is especially long, and its private key and passphrase are stored with special care.
We have collected some third-party signatures on the Master Key, in order to increase the chances that you can find a suitable trust path to them.
We have uploaded our various keys to public keyservers, so that even if you don't know any of the people who have signed our keys, you can still be reasonably confident that an attacker would find it hard to substitute fake keys on all the public keyservers at once.
F.3 Key rollover
Our current keys were generated in July 2023.
Each new Master Key is signed with the old one, to show that it really is owned by the same people and not substituted by an attacker.
Each new Master Key also signs the previous Release Keys, in case you're trying to verify the signatures on a release prior to the rollover and can find a chain of trust to those keys from any of the people who have signed our new Master Key.
Each release is signed with the Release Key that was current at the time of release. We don't go back and re-sign old releases with newly generated keys.
The details of all previous keys are given here.
Keys generated in the 2021 rollover
- Master Key (2021)
- RSA, 3072-bit. Key ID:
DD4355EAAC1119DE
. Fingerprint:A872 D42F 1660 890F 0E05 223E DD43 55EA AC11 19DE
- Release Key (2021)
- RSA, 3072-bit. Key ID:
E4F83EA2AA4915EC
. Fingerprint:2CF6 134B D3F7 7A65 88EB D668 E4F8 3EA2 AA49 15EC
- Snapshot Key (2021)
- RSA, 3072-bit. Key ID:
B43979F89F446CFD
. Fingerprint:1FD3 BCAC E532 FBE0 6A8C 09E2 B439 79F8 9F44 6CFD
- Secure Contact Key (2021)
- RSA, 3072-bit. Key ID:
012C59D4211BD62A
. Fingerprint:E30F 1354 2A04 BE0E 56F0 5801 012C 59D4 211B D62A
Keys generated in the 2018 rollover
- Master Key (2018)
- RSA, 4096-bit. Key ID:
76BC7FE4EBFD2D9E
. Fingerprint:24E1 B1C5 75EA 3C9F F752 A922 76BC 7FE4 EBFD 2D9E
- Release Key (2018)
- RSA, 3072-bit. Key ID:
6289A25F4AE8DA82
. Fingerprint:E273 94AC A3F9 D904 9522 E054 6289 A25F 4AE8 DA82
- Snapshot Key (2018)
- RSA, 3072-bit. Key ID:
38BA7229B7588FD1
. Fingerprint:C92B 52E9 9AB6 1DDA 33DB 2B7A 38BA 7229 B758 8FD1
- Secure Contact Key (2018)
- RSA, 3072-bit. Key ID:
657D487977F95C98
. Fingerprint:A680 0082 2998 6E46 22CA 0E43 657D 4879 77F9 5C98
Key generated in 2016 (when we first introduced the Secure Contact Key)
- Secure Contact Key (2016)
- RSA, 2048-bit. Main key ID:
2048R/8A0AF00B
(long version:2048R/C4FCAAD08A0AF00B
). Encryption subkey ID:2048R/50C2CF5C
(long version:2048R/9EB39CC150C2CF5C
). Fingerprint:8A26 250E 763F E359 75F3 118F C4FC AAD0 8A0A F00B
Keys generated in the 2015 rollover
- Master Key (2015)
- RSA, 4096-bit. Key ID:
4096R/04676F7C
(long version:4096R/AB585DC604676F7C
). Fingerprint:440D E3B5 B7A1 CA85 B3CC 1718 AB58 5DC6 0467 6F7C
- Release Key (2015)
- RSA, 2048-bit. Key ID:
2048R/B43434E4
(long version:2048R/9DFE2648B43434E4
). Fingerprint:0054 DDAA 8ADA 15D2 768A 6DE7 9DFE 2648 B434 34E4
- Snapshot Key (2015)
- RSA, 2048-bit. Key ID:
2048R/D15F7E8A
(long version:2048R/EEF20295D15F7E8A
). Fingerprint:0A3B 0048 FE49 9B67 A234 FEB6 EEF2 0295 D15F 7E8A
Original keys generated in 2000 (two sets, RSA and DSA)
- Master Key (original RSA)
- RSA, 1024-bit. Key ID:
1024R/1E34AC41
(long version:1024R/9D5877BF1E34AC41
). Fingerprint:8F 15 97 DA 25 30 AB 0D 88 D1 92 54 11 CF 0C 4C
- Master Key (original DSA)
- DSA, 1024-bit. Key ID:
1024D/6A93B34E
(long version:1024D/4F5E6DF56A93B34E
). Fingerprint:313C 3E76 4B74 C2C5 F2AE 83A8 4F5E 6DF5 6A93 B34E
- Release Key (original RSA)
- RSA, 1024-bit. Key ID:
1024R/B41CAE29
(long version:1024R/EF39CCC0B41CAE29
). Fingerprint:AE 65 D3 F7 85 D3 18 E0 3B 0C 9B 02 FF 3A 81 FE
- Release Key (original DSA)
- DSA, 1024-bit. Key ID:
1024D/08B0A90B
(long version:1024D/FECD6F3F08B0A90B
). Fingerprint:00B1 1009 38E6 9800 6518 F0AB FECD 6F3F 08B0 A90B
- Snapshot Key (original RSA)
- RSA, 1024-bit. Key ID:
1024R/32B903A9
(long version:1024R/FAAED21532B903A9
). Fingerprint:86 8B 1F 79 9C F4 7F BD 8B 1B D7 8E C6 4E 4C 03
- Snapshot Key (original DSA)
- DSA, 1024-bit. Key ID:
1024D/7D3E4A00
(long version:1024D/165E56F77D3E4A00
). Fingerprint:63DD 8EF8 32F5 D777 9FF0 2947 165E 56F7 7D3E 4A00