1\A{pgpkeys} PuTTY download keys and signatures 2 3\I{verifying new versions}We create \i{GPG signatures} for all the PuTTY 4files distributed from our web site, so that users can be confident 5that the files have not been tampered with. Here we identify 6our public keys, and explain our signature policy so you can have an 7accurate idea of what each signature guarantees. 8This description is provided as both a web page on the PuTTY site, and 9an appendix in the PuTTY manual. 10 11As of release 0.58, all of the PuTTY executables contain fingerprint 12material (usually accessed via the \i\c{-pgpfp} command-line 13option), such that if you have an executable you trust, you can use 14it to establish a trust path, for instance to a newer version 15downloaded from the Internet. 16 17As of release 0.67, the Windows executables and installer also contain 18built-in signatures that are automatically verified by Windows' own 19mechanism (\q{\i{Authenticode}}). The keys used for that are different, 20and are not covered here. 21 22(Note that none of the keys, signatures, etc mentioned here have 23anything to do with keys used with SSH - they are purely for verifying 24the origin of files distributed by the PuTTY team.) 25 26\H{pgpkeys-pubkey} Public keys 27 28We maintain multiple keys, stored with different levels of security 29due to being used in different ways. See \k{pgpkeys-security} below 30for details. 31 32The keys we provide are: 33 34\dt Snapshot Key 35 36\dd Used to sign routine development builds of PuTTY: nightly 37snapshots, pre-releases, and sometimes also custom diagnostic builds 38we send to particular users. 39 40\dt Release Key 41 42\dd Used to sign manually released versions of PuTTY. 43 44\dt Secure Contact Key 45 46\dd An encryption-capable key suitable for people to send confidential 47messages to the PuTTY team, e.g. reports of vulnerabilities. 48 49\dt Master Key 50 51\dd Used to tie all the above keys into the GPG web of trust. The 52Master Key signs all the other keys, and other GPG users have signed 53it in turn. 54 55The current issue of those keys are available for download from the 56PuTTY website, and are also available on PGP keyservers using the key 57IDs listed below. 58 59\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2018.asc}{\s{Master Key} (2018)} 60 61\dd RSA, 4096-bit. Key ID: \cw{76BC7FE4EBFD2D9E}. Fingerprint: 62\cw{24E1\_B1C5\_75EA\_3C9F\_F752\_\_A922\_76BC\_7FE4\_EBFD\_2D9E} 63 64\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2018.asc}{\s{Release Key} (2018)} 65 66\dd RSA, 3072-bit. Key ID: \cw{6289A25F4AE8DA82}. Fingerprint: 67\cw{E273\_94AC\_A3F9\_D904\_9522\_\_E054\_6289\_A25F\_4AE8\_DA82} 68 69\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2018.asc}{\s{Snapshot Key} (2018)} 70 71\dd RSA, 3072-bit. Key ID: \cw{38BA7229B7588FD1}. Fingerprint: 72\cw{C92B\_52E9\_9AB6\_1DDA\_33DB\_\_2B7A\_38BA\_7229\_B758\_8FD1} 73 74\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2018.asc}{\s{Secure Contact Key} (2018)} 75 76\dd RSA, 3072-bit. Key ID: \cw{657D487977F95C98}. Fingerprint: 77\cw{A680\_0082\_2998\_6E46\_22CA\_\_0E43\_657D\_4879\_77F9\_5C98} 78 79\H{pgpkeys-security} Security details 80 81The various keys have various different security levels. This 82section explains what those security levels are, and how far you can 83expect to trust each key. 84 85\S{pgpkeys-snapshot} The Development Snapshots key 86 87The Development Snapshots private key is stored \e{without a 88passphrase}. This is necessary, because the snapshots are generated 89every night without human intervention, so nobody would be able to 90type a passphrase. 91 92The snapshots are built and signed on a team member's home computers, 93before being uploaded to the web server from which you download them. 94 95Therefore, a signature from the Development Snapshots key \e{DOES} 96protect you against: 97 98\b People tampering with the PuTTY binaries between the PuTTY web site 99and you. 100 101\b The maintainers of our web server attempting to abuse their root 102privilege to tamper with the binaries. 103 104But it \e{DOES NOT} protect you against: 105 106\b People tampering with the binaries before they are uploaded to our 107download servers. 108 109\b People tampering with the build machines so that the next set of 110binaries they build will be malicious in some way. 111 112\b People stealing the unencrypted private key from the build machine 113it lives on. 114 115Of course, we take all reasonable precautions to guard the build 116machines. But when you see a signature, you should always be certain 117of precisely what it guarantees and precisely what it does not. 118 119\S{pgpkeys-release} The Releases key 120 121The Releases key is more secure: because it is only used at release 122time, to sign each release by hand, we can store it encrypted. 123 124The Releases private key is kept encrypted on the developers' own 125local machines. So an attacker wanting to steal it would have to also 126steal the passphrase. 127 128\S{pgpkeys-contact} The Secure Contact Key 129 130The Secure Contact Key is stored with a similar level of security to 131the Release Key: it is stored with a passphrase, and no automated 132script has access to it. 133 134\S{pgpkeys-master} The Master Keys 135 136The Master Key signs almost nothing. Its purpose is to bind the other 137keys together and certify that they are all owned by the same people 138and part of the same integrated setup. The only signatures produced by 139the Master Key, \e{ever}, should be the signatures on the other keys. 140 141The Master Key is especially long, and its private key and passphrase 142are stored with special care. 143 144We have collected some third-party signatures on the Master Key, in 145order to increase the chances that you can find a suitable trust path 146to them. 147 148We have uploaded our various keys to public keyservers, so that 149even if you don't know any of the people who have signed our 150keys, you can still be reasonably confident that an attacker would 151find it hard to substitute fake keys on all the public keyservers at 152once. 153 154\H{pgpkeys-rollover} Key rollover 155 156Our current keys were generated in August 2018. 157 158Each new Master Key is signed with the old one, to show that it really 159is owned by the same people and not substituted by an attacker. 160 161Each new Master Key also signs the previous Release Keys, in case 162you're trying to verify the signatures on a release prior to the 163rollover and can find a chain of trust to those keys from any of the 164people who have signed our new Master Key. 165 166Each release is signed with the Release Key that was current at the 167time of release. We don't go back and re-sign old releases with newly 168generated keys. 169 170The details of all previous keys are given here. 171 172\s{Key generated in 2016} (when we first introduced the Secure Contact Key) 173 174\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2016.asc}{\s{Secure Contact Key} (2016)} 175 176\dd RSA, 2048-bit. Main key ID: \cw{2048R/8A0AF00B} (long version: 177\cw{2048R/C4FCAAD08A0AF00B}). Encryption subkey ID: 178\cw{2048R/50C2CF5C} (long version: \cw{2048R/9EB39CC150C2CF5C}). 179Fingerprint: 180\cw{8A26\_250E\_763F\_E359\_75F3\_\_118F\_C4FC\_AAD0\_8A0A\_F00B} 181 182\s{Keys generated in the 2015 rollover} 183 184\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2015.asc}{\s{Master Key} (2015)} 185 186\dd RSA, 4096-bit. Key ID: \cw{4096R/04676F7C} (long version: 187\cw{4096R/AB585DC604676F7C}). Fingerprint: 188\cw{440D\_E3B5\_B7A1\_CA85\_B3CC\_\_1718\_AB58\_5DC6\_0467\_6F7C} 189 190\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2015.asc}{\s{Release Key} (2015)} 191 192\dd RSA, 2048-bit. Key ID: \cw{2048R/B43434E4} (long version: 193\cw{2048R/9DFE2648B43434E4}). Fingerprint: 194\cw{0054\_DDAA\_8ADA\_15D2\_768A\_\_6DE7\_9DFE\_2648\_B434\_34E4} 195 196\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2015.asc}{\s{Snapshot Key} (2015)} 197 198\dd RSA, 2048-bit. Key ID: \cw{2048R/D15F7E8A} (long version: 199\cw{2048R/EEF20295D15F7E8A}). Fingerprint: 200\cw{0A3B\_0048\_FE49\_9B67\_A234\_\_FEB6\_EEF2\_0295\_D15F\_7E8A} 201 202\s{Original keys generated in 2000} (two sets, RSA and DSA) 203 204\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-rsa.asc}{\s{Master Key} (original RSA)} 205 206\dd RSA, 1024-bit. Key ID: \cw{1024R/1E34AC41} (long version: 207\cw{1024R/9D5877BF1E34AC41}). Fingerprint: 208\cw{8F\_15\_97\_DA\_25\_30\_AB\_0D\_\_88\_D1\_92\_54\_11\_CF\_0C\_4C} 209 210\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-dsa.asc}{\s{Master Key} (original DSA)} 211 212\dd DSA, 1024-bit. Key ID: \cw{1024D/6A93B34E} (long version: 213\cw{1024D/4F5E6DF56A93B34E}). Fingerprint: 214\cw{313C\_3E76\_4B74\_C2C5\_F2AE\_\_83A8\_4F5E\_6DF5\_6A93\_B34E} 215 216\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-rsa.asc}{\s{Release Key} (original RSA)} 217 218\dd RSA, 1024-bit. Key ID: \cw{1024R/B41CAE29} (long version: 219\cw{1024R/EF39CCC0B41CAE29}). Fingerprint: 220\cw{AE\_65\_D3\_F7\_85\_D3\_18\_E0\_\_3B\_0C\_9B\_02\_FF\_3A\_81\_FE} 221 222\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-dsa.asc}{\s{Release Key} (original DSA)} 223 224\dd DSA, 1024-bit. Key ID: \cw{1024D/08B0A90B} (long version: 225\cw{1024D/FECD6F3F08B0A90B}). Fingerprint: 226\cw{00B1\_1009\_38E6\_9800\_6518\_\_F0AB\_FECD\_6F3F\_08B0\_A90B} 227 228\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-rsa.asc}{\s{Snapshot Key} (original RSA)} 229 230\dd RSA, 1024-bit. Key ID: \cw{1024R/32B903A9} (long version: 231\cw{1024R/FAAED21532B903A9}). Fingerprint: 232\cw{86\_8B\_1F\_79\_9C\_F4\_7F\_BD\_\_8B\_1B\_D7\_8E\_C6\_4E\_4C\_03} 233 234\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-dsa.asc}{\s{Snapshot Key} (original DSA)} 235 236\dd DSA, 1024-bit. Key ID: \cw{1024D/7D3E4A00} (long version: 237\cw{1024D/165E56F77D3E4A00}). Fingerprint: 238\cw{63DD\_8EF8\_32F5\_D777\_9FF0\_\_2947\_165E\_56F7\_7D3E\_4A00} 239