• forum
  • tails-signing.key2
 tails-signing.key2
Download Tails 0.23 March 19, 2014

Following the instruction here:

https://tails.boum.org/download/index.en.html#verify

When I import the Tails signing key, rather than say "imported" it returns "27 new signatures". Is this okay?

Here it is in full:

cat tails-signing.key | gpg --import

gpg: key BE2CD9C1: "Tails developers (signing key) tails@boum.org" 27 new signatures gpg: Total number processed: 1

gpg: new signatures: 27

gpg: no ultimately trusted keys found

RSS Atom
comment 1
It's fine. The "new signatures" refers to the number of keys that have signed the key you imported.
Comment by Tails Fri 06 Jul 2012 09:33:03 PM CEST
why they was modified?
As the signing key is the central part of Tails' ISO authentification, can you explain deeper why they was modified?
Comment by Anonymous Mon 09 Jul 2012 12:25:30 PM CEST
comment 3

The signing key was not modified.

More people signed it, and we refreshed the exported public key on the website so that users have more possible ways to check its authenticity through the web-of-trust.

Comment by Tails Mon 09 Jul 2012 10:21:41 PM CEST
comment 5

you say tails signing.key was not modified - but usually the file is about 6.9 kb and the new one is about 20 kb.

When doing a 256 sha sum together with older keys you can clearly see the difference of this new key.

Did the volume of the keyfile grow because of the new signatures and that created a new checksum ? So that would mean this method of trust would restart at every new signing process.

Comment by Anonymous Sun 15 Jul 2012 06:46:04 PM CEST
comment 6

you say tails signing.key was not modified

No. I said the signing key was not modified. What you refer to as signing.key is a textual representation of the public part of the signing key, along with cryptographic certifications (also known as "signatures") of that key. The latter was modified, hence the whole file has been too.

Comment by Tails Mon 16 Jul 2012 07:00:17 AM CEST
Add a comment