Signing Keys


We have a number of signing keys used for signing software releases. There are a number of different keys because there are a number of different ways of signing software. This list aims to be the comprehensive list of all the release signing keys that we use.

OpenPGP

We sign all of our releases using OpenPGP detached binary signatures in a .sig file.

People signing official releases

Launchpad Ubuntu Package Archive (PPA)

For easy installation on Ubuntu/Mint/etc. of our official releases, as well as backported software that we use, we have an Launchpad PPA with its own signing key provided by Launchpad:

Android APK

We currently have two signing keys: a 4096-bit RSA key used for all new apps, and a 1024-bit RSA key that we use for all apps that we first released before 2014. You can download the whole public keys and verify it using the OpenPGP signature:

4096-bit RSA

1024-bit RSA

FDroid Repo

Our official releases are also posted on our own FDroid repo, which is accessible at https://guardianproject.info/fdroid/repo. The signing key for that repo is available here:

The fingerprints for this signing key are:

Owner: EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US
Issuer: EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US
Serial number: a397b4da7ecda034
Valid from: Thu Jun 26 15:39:18 EDT 2014 until: Sun Nov 10 14:39:18 EST 2041
Certificate fingerprints:
 MD5:  8C:BE:60:6F:D7:7E:0D:2D:B8:06:B5:B9:AD:82:F5:5D
 SHA1: 63:9F:F1:76:2B:3E:28:EC:CE:DB:9E:01:7D:93:21:BE:90:89:CD:AD
 SHA256: B7:C2:EE:FD:8D:AC:78:06:AF:67:DF:CD:92:EB:18:12:6B:C0:83:12:A7:F2:D6:F3:86:2E:46:01:3C:7A:61:35
 Signature algorithm name: SHA1withRSA
 Version: 1