Archive Signing Keys

This page contains information on the current and past archive signing keys. The release files are signed by an automatic archive signing key in order to allow verification that software being downloaded has not been interfered with.

Please note that the details here are for information only; you should not rely on them, and should use other ways to verify them.

Which release should be signed with which key?

Stable releases are signed by both the ftp-master automatic archive signing key in use at the time of the release, and a per-release stable key. Release files for other releases (proposed-updates, testing, testing-proposed-updates, unstable and experimental) are signed only by the ftp-master automatic key.

The security archive is signed by the ftp-master key only.

The current procedure is that there is one ftp-master key per release (the former procedure introduced a new key once per year).

Archive Keys

Active Signing Keys

Stable Keys

Retired Signing Keys

The following retired and in most cases expired keys are available. Note that these keys are no longer in use and are listed here for reference purposes only:

Upload Processing Keys

The following keys are used to sign mails sent by the archive software. They must not be used by APT.

Key Replacement Procedure

When the archive key is to be replaced, a new key will be generated by one of the ftpmasters. This key will then be signed by that ftpmaster and other ftpmasters and members of the ftpteam (including verification by phone call of the fingerprint and other details of the key to be signed).

Once the new key is prepared, it will be placed on this page, put into the relevant archive packages and announced to debian-devel-announce well in advance of being used.

Key Revocation Procedure

The ftp masters at the time of the key generation are designated revokers and can revoke the key if required.

Key Backup / Restore Procedure

After the creation of the archive key, the secret part of it will be backed up in one additional way. The program gfshare (package libgfshare-bin), an implementation of Shamir's secret sharing scheme, is used to produce 5 shares, of which 3 are needed to recover the secret key.

See scripts/debian/generate-archive-key for who has recovery shares; check the historic version for older keys.


Debian FTP team