## translation metadata
# Revision: $Revision$
# Translation-Priority: 4-optional
#include "head.wmi" TITLE="Tor Project: Signing keys" CHARSET="UTF-8"
<div id="content" class="clearfix">
<div id="breadcrumbs">
<a href="<page index>">Home » </a>
<a href="<page docs/verifying-signatures>">Verifying Signatures</a>
</div>
<div id="maincol">
<h1>Which PGP keys sign which packages</h1>
<hr>
<p>The signing keys we use are:</p>
<ul>
<li>The Tor Browser Developers (0x4E2C6E8793298290),
Mike Perry (0x0E3A92E4), Georg Koppen (0x4B7C3223),
Nicolas Vigier (0xD0220E4B), Linus Nordberg (0x23291265)
and Arthur Edelstein (0xD752F538C0D38C3A)
sign the Tor Browser releases.</li>
<li>Roger Dingledine (0x28988BF5 and 0x19F78451) or Nick Mathewson
(0xFE43009C4607B1FB with signing key 0x6AFEE6D49E92B601)
sign the Tor source code tarballs. (Nick's old key was 0x165733EA
with signing key 0x8D29319A; it signed older tarballs.)</li>
<li>Tor Project Archive (0x886DDD89) signs the deb.torproject.org
repositories and archives.</li>
<li>Damian Johnson (0x9ABBEEC6) signs Arm releases.</li>
<li>The Tails team (0x58ACD84F) signs the Tails live system releases.</li>
<li>David Goulet (0x42E86A2A11F48D36) signs Torsocks releases.</li>
<li>Sukhbir Singh (0xB01C8B006DA77FAA) signs Tor Messenger and TorBirdy releases.</li>
<li>Other developers include Peter Palfrader (0xC82E0039, or its
subkey 0xE1DEC577).</li>
</ul>
The fingerprints for the keys should be:
<pre>
pub 1024D/28988BF5 2000-02-27
Key fingerprint = B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5
uid Roger Dingledine <arma@mit.edu>
pub 4096R/19F78451 2010-05-07
Key fingerprint = F65C E37F 04BA 5B36 0AE6 EE17 C218 5258 19F7 8451
uid Roger Dingledine <arma@torproject.org>
sub 4096R/B0E5067D 2015-06-10 [expires: 2016-06-09]
pub 4096R/FE43009C4607B1FB 2016-09-21 [expires: 2019-09-21]
Key fingerprint = 2133 BC60 0AB1 33E1 D826 D173 FE43 009C 4607 B1FB
uid Nick Mathewson <nickm@alum.mit.edu>
uid Nick Mathewson <nickm@wangafu.net>