[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [webwml/master] Update subkey fingerprints and signing keys page (#27698, #27702)



commit 9db0e47474c387faa5ec3b0fe8d18a6f256eceac
Author: traumschule <traumschuleriebau@xxxxxxxxxx>
Date:   Fri Sep 14 19:02:16 2018 +0200

    Update subkey fingerprints and signing keys page (#27698, #27702)
---
 docs/en/update_signing-keys.pl   | 120 +++++++++++++++++++++++++++------------
 docs/en/verifying-signatures.wml |  16 +++---
 include/keys.wmi                 |  55 ++++++++++++++----
 include/subkey_fingerprints.wmi  |   3 -
 4 files changed, 136 insertions(+), 58 deletions(-)

diff --git a/docs/en/update_signing-keys.pl b/docs/en/update_signing-keys.pl
index db7ce738..5cdc1006 100755
--- a/docs/en/update_signing-keys.pl
+++ b/docs/en/update_signing-keys.pl
@@ -2,8 +2,10 @@
 use strict;
 use warnings;
 
+# This script automatically updates the .wmi file with gpg as per:
 my $keysfile = "include/keys.txt";
 my $wmifile = 'include/keys.wmi';
+my $fpfile = 'include/subkey_fingerprints.wmi';
 my $forcekeyupdates = 0;
 my $skipkeyupdates = 0;
 
@@ -21,7 +23,7 @@ open my $kf, '<', "$keysfile" # read keys
 
 my %sections; # project => key owners
 my %owners; # key owner => string with all keys
-my @projects; # save sections in order of appearance
+my @apps; # save sections in order of appearance
 my $section;
 foreach (<$kf>) {
   # filters comment and empty lines
@@ -31,7 +33,7 @@ foreach (<$kf>) {
   } elsif (/^\[(.+)\]$/) {
     $section = "$1";
     $sections{"$section"} = ();
-    push (@projects, $section);
+    push (@apps, $section);
   # key owner with list of key id(s)
   } elsif (/^([^:]+):(.+)$/) {
     my $owner = "$1";
@@ -43,7 +45,7 @@ foreach (<$kf>) {
 }
 close $kf;
 my @owners = keys %owners;
-print "Loaded $keysfile. Found $#owners key owners in $#projects projects.\n";
+print "Loaded $keysfile. Found $#owners key owners for $#apps applications.\n";
 
 # If the keysfile did not change since the last run, we will not update them.
 # To update all keys anyway, set $forcekeyupdates = 1 above, or comment:
@@ -51,38 +53,36 @@ if (-f $wmifile && qx/[ $wmifile -nt $keysfile ]/) {
   $forcekeyupdates or $skipkeyupdates++;
 }
 
-open my $out, '>', "$wmifile"
-  or die "Could not write to $wmifile; $!\n";
-print $out "#!/usr/bin/env wml\n<p>
-This page is automatically generated from
-<a href='/include/keys.txt'>keys.txt</a>.
-The signing keys we use are:\n</p>\n<ul>\n";
+my $buffer = ''; # project overview string
 my %fingerprints;
-foreach my $project (@projects) {
-  my $owners = '';
-  my $suf = 's';
-  my @keysinproject;
+foreach my $app (@apps) {
+  print "\nUpdating keys for '$app':\n";
+  my ($keys, $subkey_fingerprints, $owners, $suf) = ('', '', '', 's');
+  my @keysforapp;
   # we grab the key owners for each project and iterate over their keys
-  foreach my $owner (@{$sections{"$project"}}) { # iterate over owners
+  foreach my $owner (@{$sections{"$app"}}) { # iterate over owners
     my $keys = $owners{"$owner"};
     # example for $keys: 0x165733EA, 0x8D29319A(signing key)
-    my $inbrackets = '';
+    my ($inbrackets, $inbrackets_html) = ('', '');
     $suf = '' if ($owners ne '');
     my @keys = split (',', $keys); 
     foreach my $key (@keys) { # iterate over keys
       # validate key format. all regexp are beautiful.
       if ($key =~ /^\s?(0x[^\(]+)(\(([^\)]+)\))?/) {
         my $key = $1; 
-        push (@keysinproject, $key);
+        my $keylink = "<a href='https://pgp.mit.edu/pks/lookup?search=$key&op=vindex&exact=on'>$key</a>";
+        push (@keysforapp, $key);
         # named alternative key
         if ($2) {
           $inbrackets .= " with its $3 $key";
         # first key
         } elsif ($inbrackets eq '') {
           $inbrackets = "$key";
+          $inbrackets_html = "$keylink";
         # second key
         } else {
-          $inbrackets .= " and $key";
+          $inbrackets = " and $key";
+          $inbrackets_html .= " and $keylink";
         }
       } else { # tell if the format is wrong
         print "Unrecognized key format: $key\n";
@@ -90,31 +90,81 @@ foreach my $project (@projects) {
     }
     my $sep = ($owners eq '') ? '' : ', ';
     # Add owner to the list
-    $owners .= "$sep$owner ($inbrackets)";
-    print " - $owner ($inbrackets) [$project]\n";
+    $owners .= "$sep$owner ($inbrackets_html)";
+    print " - $owner ($inbrackets)\n";
   }
-  if ($project eq 'other') {
-    print $out "<li>Other developers include $owners.</li>\n";
+  if ($app eq 'other') {
+    $buffer .= "<li>Other developers include $owners.</li>\n";
   } else {
-    $suf = 'ed' if ($project =~ /older/);
-    print $out "<li>$owners sign$suf <strong>$project</strong></li>\n";
+    $suf = 'ed' if ($app =~ /older/);
+    $buffer .= "<li>$owners sign$suf <strong>$app</strong></li>\n";
   }
-  foreach my $key (@keysinproject) {
-    # update keys form keyserver pool
+
+  # we update collected keys for this application and create a string of them
+  my $gpgcmd = "gpg --keyid-format 0xlong --fingerprint --with-subkey-fingerprints";
+  foreach my $key (@keysforapp) {
+    # update keys
     if ($forcekeyupdates or not $skipkeyupdates) {
-      print "Fetching $key from keyserver:\n";
-      qx/gpg --recv-key $key/ or die "Failed to fetch $key;
+      print "\nFetching $key\n";
+      my $gpgresult;
+      do { $gpgresult = system "gpg --recv-key $key"; sleep 1; }
+      while ($gpgresult != 0);
     }
+
+    # add output to key string
+    my $str = qx/$gpgcmd $key/;
+    # replace html codes
+    $str =~ s/</&lt;/g; $str =~ s/>/&gt;/g; $str =~ s/@/#/g; $str =~ s/@/&at;/g;
+    $keys .= "$str";
+  }
+  # save formatted string for project
+  $fingerprints{"$app"} = "<pre>\n$keys</pre>\n";
+
+  if ($app eq "Tor Browser releases") {
+    my $owner = "The Tor Browser Developers";
+    die "Did not findTor Browser signing key.\n" if ($owners{$owner} eq '');
+    # save Tor Browser signing key subkey fingerprints to $fpfile
+    my @fp = qx/$gpgcmd $owners{$owner}|grep "Key fingerprint"/;
+    shift @fp; # remove primary key fingerprint
+    $subkey_fingerprints .= join ('', map { s/^\s+Key fingerprint = //; "$_" } @fp);
+    if (open my $fpout, '>', "$fpfile.temp") {
+      print $fpout "#!/usr/bin/env wml\n$subkey_fingerprints";
+      close $fpout;
+      # check that the written file is not empty
+      my $written_lines = qx/wc -l "$fpfile.temp"|wc -l/;
+      if ($written_lines gt 0) {
+        rename "$fpfile.temp", "$fpfile" and
+          print "\nWrote following subkey fingerprints to $fpfile:\n$subkey_fingerprints"
+          or die "Could not overwrite $fpfile: $!\n";
+      } else { die "Created $fpfile.temp but it is empty.\n"; }
+    } else { die "Could not create temporary file $fpfile.temp.\n"; }
   }
-  # save gpg output for later
-  my $str = qx/gpg --list-keys --keyid-format 0xlong --with-fingerprint $keyids/;
-  $str =~ s/</&lt;/g; $str =~ s/>/&gt;/g; $str =~ s/@/#/g; # replace html codes
-  $fingerprints{"$project"} = "<pre>\n$str</pre>\n";
 }
+my @date = localtime;
+my $date = "$date[4]/$date[5]"; # Month/Year
 
 # print keys for each project to file
-print $out "</ul>\n<h2>Fingerprints</h2>\n<p>The fingerprints for the keys are:</p>\n";
-foreach my $project (@projects) {
-  print $out "<h3>$project</h3>\n". $fingerprints{"$project"};
+open my $html, '>', "$wmifile"
+  or die "Could not write to $wmifile; $!\n";
+
+print $html "#!/usr/bin/env wml
+<p>
+This page was automatically generated page from
+<a href='/include/keys.txt'>this file listing the gpg keys of our release teams</a>.
+To learn how to verify signatures, see <a href=\"<page docs/signing-keys>\">
+our manual</a>.
+</p>
+<p>
+As of $date the signing keys we use are:
+</p>
+
+<ul>
+$buffer
+</ul>
+<h2>Fingerprints</h2>\n<p>The fingerprints for the keys are:</p>\n";
+
+foreach my $app (@apps) {
+  print $html "<h3>$app</h3>\n". $fingerprints{"$app"};
 }
-close $out; print "Wrote $wmifile.\n"; exit 0;
+close $html;
+print "\nWrote $wmifile.\n";
diff --git a/docs/en/verifying-signatures.wml b/docs/en/verifying-signatures.wml
index 3fd24f28..d131e084 100644
--- a/docs/en/verifying-signatures.wml
+++ b/docs/en/verifying-signatures.wml
@@ -109,7 +109,7 @@
     <pre>
 pub   rsa4096/0x4E2C6E8793298290 2014-12-15 [C] [expires: 2020-08-24]
       Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
-uid                   [ unknown] Tor Browser Developers (signing key) <torbrowser@xxxxxxxxxxxxxx>
+uid                   [ unknown] Tor Browser Developers (signing key) &lt;torbrowser&at;torproject.org&gt;
 sub   rsa4096/0xD1483FA6C3C07136 2016-08-24 [S] [expires: 2018-08-24]
       Key fingerprint = A430 0A6B C93C 0877 A445  1486 D148 3FA6 C3C0 7136
 sub   rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12]
@@ -125,15 +125,15 @@ sub   rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12]
 gpg: assuming signed data in 'torbrowser-install-<version-torbrowserbundle>_en-US.exe'
 gpg: Signature made Wed 15 Nov 2017 05:52:38 PM CET
 gpg:                using RSA key 0xD1483FA6C3C07136
-gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@xxxxxxxxxxxxxx>" [unknown]
+gpg: Good signature from "Tor Browser Developers (signing key) &lt;torbrowser&at;torproject.org&gt;" [unknown]
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
 Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
      Subkey fingerprint: A430 0A6B C93C 0877 A445  1486 D148 3FA6 C3C0 7136
-    <p>Currently valid subkey fingerprints are:
+    <p>Currently valid subkey fingerprints are:</p>
     <pre>
 #include "subkey_fingerprints.wmi" TITLE="Tor Project: Subkey Fingerprints" CHARSET="UTF-8"
-    </pre></p>
+    </pre>
     <p>
     Notice that there is a warning because you haven't assigned a trust
     index to this person. This means that GnuPG verified that the key made
@@ -168,7 +168,7 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
     <pre>
 pub   rsa4096/0x4E2C6E8793298290 2014-12-15 [C] [expires: 2020-08-24]
       Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
-uid                   [ unknown] Tor Browser Developers (signing key) <torbrowser@xxxxxxxxxxxxxx>
+uid                   [ unknown] Tor Browser Developers (signing key) &lt;torbrowser&at;torproject.org&gt;
 sub   rsa4096/0xD1483FA6C3C07136 2016-08-24 [S] [expires: 2018-08-24]
       Key fingerprint = A430 0A6B C93C 0877 A445  1486 D148 3FA6 C3C0 7136
 sub   rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12]
@@ -190,16 +190,16 @@ sub   rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12]
 gpg: assuming signed data in 'tor-browser-linux64-<version-torbrowserbundlelinux64>_en-US.tar.xz'
 gpg: Signature made Wed 15 Nov 2017 05:52:38 PM CET
 gpg:                using RSA key 0xD1483FA6C3C07136
-gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@xxxxxxxxxxxxxx>" [unknown]
+gpg: Good signature from "Tor Browser Developers (signing key) &lt;torbrowser&at;torproject.org&gt;" [unknown]
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
 Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
      Subkey fingerprint: A430 0A6B C93C 0877 A445  1486 D148 3FA6 C3C0 7136
     </pre>
-    <p> Currently valid subkey fingerprints are:
+    <p>Currently valid subkey fingerprints are:</p>
     <pre>
 #include "subkey_fingerprints.wmi" TITLE="Tor Project: Subkey Fingerprints" CHARSET="UTF-8"
-    </pre></p>
+    </pre>
     <p>
     Notice that there is a warning because you haven't assigned a trust
     index to this person. This means that GnuPG verified that the key made
diff --git a/include/keys.wmi b/include/keys.wmi
index 1ba50734..f68197ed 100644
--- a/include/keys.wmi
+++ b/include/keys.wmi
@@ -1,20 +1,25 @@
 #!/usr/bin/env wml
 <p>
-This page is automatically generated from
-<a href='/include/keys.txt'>keys.txt</a>.
-The signing keys we use are:
+This page was automatically generated page from
+<a href='/include/keys.txt'>this file listing the gpg keys of our release teams</a>.
+To learn how to verify signatures, see <a href="<page docs/signing-keys>">
+our manual</a>.
+</p>
+<p>
+As of 8/118 the signing keys we use are:
 </p>
 
 <ul>
-<li>The Tor Browser Developers (0x4E2C6E8793298290), Mike Perry (0x29846B3C683686CC), Georg Koppen (0xD1483FA6C3C07136), Nicolas Vigier (0xE5B81856D0220E4B), Arthur Edelstein (0xD752F538C0D38C3A) sign <strong>Tor Browser releases</strong></li>
-<li>Roger Dingledine (0x28988BF5 and 0x19F78451), Nick Mathewson (0x165733EA with its signing key 0x8D29319A) sign <strong>Tor source tarballs</strong></li>
-<li>Nick Mathewson (0x165733EA with its signing key 0x8D29319A) signed <strong>older Tor tarballs</strong></li>
-<li>Tor Project Archive (0xEE8CBC9E886DDD89) signs <strong>deb.torproject.org repositories and archives</strong></li>
-<li>Damian Johnson (0x9ABBEEC6) signs <strong>Arm releases</strong></li>
-<li>The Tails team (0xDBB802B258ACD84F) signs <strong>Tails live system releases</strong></li>
-<li>David Goulet (0x42E86A2A11F48D36) signs <strong>Torsocks releases</strong></li>
-<li>Sukhbir Singh (0xB01C8B006DA77FAA) signs <strong>TorBirdy releases</strong></li>
-<li>Other developers include Peter Palfrader (0x62AF4031C82E0039).</li>
+<li>The Tor Browser Developers (<a href='https://pgp.mit.edu/pks/lookup?search=0x4E2C6E8793298290&op=vindex&exact=on'>0x4E2C6E8793298290</a>), Mike Perry (<a href='https://pgp.mit.edu/pks/lookup?search=0x29846B3C683686CC&op=vindex&exact=on'>0x29846B3C683686CC</a>), Georg Koppen (<a href='https://pgp.mit.edu/pks/lookup?search=0xD1483FA6C3C07136&op=vindex&exact=on'>0xD1483FA6C3C07136</a>), Nicolas Vigier (<a href='https://pgp.mit.edu/pks/lookup?search=0xE5B81856D0220E4B&op=vindex&exact=on'>0xE5B81856D0220E4B</a>), Arthur Edelstein (<a href='https://pgp.mit.edu/pks/lookup?search=0xD752F538C0D38C3A&op=vindex&exact=on'>0xD752F538C0D38C3A</a>) sign <strong>Tor Browser releases</strong></li>
+<li>Roger Dingledine (<a href='https://pgp.mit.edu/pks/lookup?search=0x28988BF5&op=vindex&exact=on'>0x28988BF5</a> and <a href='https://pgp.mit.edu/pks/lookup?search=0x19F78451&op=vindex&exact=on'>0x19F78451</a>), Nick Mathewson (<a href='https://pgp.mit.edu/pks/lookup?search=0x165733EA&op=vindex&exact=on'>0x165733EA</a>) sign <strong>Tor source tarballs</strong></li>
+<li>Nick Mathewson (<a href='https://pgp.mit.edu/pks/lookup?search=0x165733EA&op=vindex&exact=on'>0x165733EA</a>) signed <strong>older Tor tarballs</strong></li>
+<li>Tor Project Archive (<a href='https://pgp.mit.edu/pks/lookup?search=0xEE8CBC9E886DDD89&op=vindex&exact=on'>0xEE8CBC9E886DDD89</a>) signs <strong>deb.torproject.org repositories and archives</strong></li>
+<li>Damian Johnson (<a href='https://pgp.mit.edu/pks/lookup?search=0x9ABBEEC6&op=vindex&exact=on'>0x9ABBEEC6</a>) signs <strong>Arm releases</strong></li>
+<li>The Tails team (<a href='https://pgp.mit.edu/pks/lookup?search=0xDBB802B258ACD84F&op=vindex&exact=on'>0xDBB802B258ACD84F</a>) signs <strong>Tails live system releases</strong></li>
+<li>David Goulet (<a href='https://pgp.mit.edu/pks/lookup?search=0x42E86A2A11F48D36&op=vindex&exact=on'>0x42E86A2A11F48D36</a>) signs <strong>Torsocks releases</strong></li>
+<li>Sukhbir Singh (<a href='https://pgp.mit.edu/pks/lookup?search=0xB01C8B006DA77FAA&op=vindex&exact=on'>0xB01C8B006DA77FAA</a>) signs <strong>TorBirdy releases</strong></li>
+<li>Other developers include Peter Palfrader (<a href='https://pgp.mit.edu/pks/lookup?search=0x62AF4031C82E0039&op=vindex&exact=on'>0x62AF4031C82E0039</a>).</li>
+
 </ul>
 <h2>Fingerprints</h2>
 <p>The fingerprints for the keys are:</p>
@@ -24,6 +29,7 @@ pub   rsa4096/0x4E2C6E8793298290 2014-12-15 [C] [expires: 2020-08-24]
       Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
 uid                   [ unknown] Tor Browser Developers (signing key) &lt;torbrowser#torproject.org&gt;
 sub   rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12]
+      Key fingerprint = 1107 75B5 D101 FB36 BC6C  911B EB77 4491 D9FF 06E2
 
 pub   rsa8192/0x29846B3C683686CC 2013-09-11 [SC]
       Key fingerprint = C963 C21D 6356 4E2B 10BB  335B 2984 6B3C 6836 86CC
@@ -32,12 +38,15 @@ uid                   [ unknown] Mike Perry &lt;mikeperry#unencrypted.info&gt;
 uid                   [ unknown] Mike Perry (Regular use key) &lt;mikeperry#fscked.org&gt;
 uid                   [ unknown] Mike Perry (Regular use key) &lt;mikeperry#torproject.org&gt;
 sub   rsa4096/0x004AD1045BA0FE28 2017-10-31 [S] [expires: 2018-10-31]
+      Key fingerprint = 7AB6 A050 C544 CB16 60A9  F1E9 004A D104 5BA0 FE28
 sub   rsa4096/0xEEC50E9938F9F4E9 2017-10-31 [E] [expires: 2018-10-31]
+      Key fingerprint = B403 E911 BA38 63DB ED82  C57C EEC5 0E99 38F9 F4E9
 
 pub   rsa4096/0x4E2C6E8793298290 2014-12-15 [C] [expires: 2020-08-24]
       Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
 uid                   [ unknown] Tor Browser Developers (signing key) &lt;torbrowser#torproject.org&gt;
 sub   rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12]
+      Key fingerprint = 1107 75B5 D101 FB36 BC6C  911B EB77 4491 D9FF 06E2
 
 pub   rsa4096/0xE5B81856D0220E4B 2014-03-19 [SC]
       Key fingerprint = 4A90 646C 0BAE D9D4 56AB  3111 E5B8 1856 D022 0E4B
@@ -47,6 +56,7 @@ pub   rsa2048/0xD752F538C0D38C3A 2014-12-10 [SC]
       Key fingerprint = 20B2 4CEF E6AF D615 0B6A  6F18 D752 F538 C0D3 8C3A
 uid                   [ unknown] Arthur Edelstein &lt;arthuredelstein#gmail.com&gt;
 sub   rsa2048/0x3306E88D27211E0B 2014-12-10 [E]
+      Key fingerprint = 78BB DCF7 187D F8E7 F832  DD29 3306 E88D 2721 1E0B
 
 </pre>
 <h3>Tor source tarballs</h3>
@@ -55,6 +65,7 @@ pub   dsa1024/0xEB5A896A28988BF5 2000-02-27 [SCA]
       Key fingerprint = B117 2656 DFF9 83C3 042B  C699 EB5A 896A 2898 8BF5
 uid                   [ unknown] Roger Dingledine &lt;arma#mit.edu&gt;
 sub   elg2048/0x147FF421788AFDCE 2000-02-27 [E]
+      Key fingerprint = 08E6 A5BD CF81 D0A3 1BDE  9474 147F F421 788A FDCE
 
 pub   rsa1024/0x9C01813428988BF5 2014-06-16 [SCEA] [revoked: 2016-08-16]
       Key fingerprint = 2629 5471 A26A B9F9 6C0C  45BB 9C01 8134 2898 8BF5
@@ -66,6 +77,7 @@ uid                   [ unknown] Roger Dingledine &lt;arma#mit.edu&gt;
 uid                   [ unknown] Roger Dingledine &lt;arma#freehaven.net&gt;
 uid                   [ unknown] Roger Dingledine &lt;arma#torproject.org&gt;
 sub   rsa4096/0x1A61312B4600E8BE 2018-06-03 [E] [expires: 2019-06-03]
+      Key fingerprint = 6C8F F7D9 F789 52A1 8986  52B7 1A61 312B 4600 E8BE
 
 pub   rsa4096/0x468FAE2919F78451 2014-06-16 [SCEA] [revoked: 2016-08-16]
       Key fingerprint = 9C95 0D05 FC80 2DFA 79C3  7629 468F AE29 19F7 8451
@@ -82,7 +94,9 @@ uid                   [ unknown] Nick Mathewson &lt;nickm#wangafu.net&gt;
 uid                   [ unknown] Nick Mathewson &lt;nickm#freehaven.net&gt;
 uid                   [ unknown] [jpeg image of size 3369]
 sub   rsa3072/0x910397D88D29319A 2004-07-03 [S]
+      Key fingerprint = EF00 F369 1387 FCC5 8CD6  8E13 9103 97D8 8D29 319A
 sub   rsa3072/0xD2CA27F3F25B8E5E 2004-07-03 [E]
+      Key fingerprint = 11F2 E464 48C8 0F44 8F64  FC54 D2CA 27F3 F25B 8E5E
 
 pub   rsa3072/0x21194EBB165733EA 2004-07-03 [SC]
       Key fingerprint = B35B F85B F194 89D0 4E28  C33C 2119 4EBB 1657 33EA
@@ -91,7 +105,9 @@ uid                   [ unknown] Nick Mathewson &lt;nickm#wangafu.net&gt;
 uid                   [ unknown] Nick Mathewson &lt;nickm#freehaven.net&gt;
 uid                   [ unknown] [jpeg image of size 3369]
 sub   rsa3072/0x910397D88D29319A 2004-07-03 [S]
+      Key fingerprint = EF00 F369 1387 FCC5 8CD6  8E13 9103 97D8 8D29 319A
 sub   rsa3072/0xD2CA27F3F25B8E5E 2004-07-03 [E]
+      Key fingerprint = 11F2 E464 48C8 0F44 8F64  FC54 D2CA 27F3 F25B 8E5E
 
 </pre>
 <h3>older Tor tarballs</h3>
@@ -107,7 +123,9 @@ uid                   [ unknown] Nick Mathewson &lt;nickm#wangafu.net&gt;
 uid                   [ unknown] Nick Mathewson &lt;nickm#freehaven.net&gt;
 uid                   [ unknown] [jpeg image of size 3369]
 sub   rsa3072/0x910397D88D29319A 2004-07-03 [S]
+      Key fingerprint = EF00 F369 1387 FCC5 8CD6  8E13 9103 97D8 8D29 319A
 sub   rsa3072/0xD2CA27F3F25B8E5E 2004-07-03 [E]
+      Key fingerprint = 11F2 E464 48C8 0F44 8F64  FC54 D2CA 27F3 F25B 8E5E
 
 pub   rsa3072/0x21194EBB165733EA 2004-07-03 [SC]
       Key fingerprint = B35B F85B F194 89D0 4E28  C33C 2119 4EBB 1657 33EA
@@ -116,7 +134,9 @@ uid                   [ unknown] Nick Mathewson &lt;nickm#wangafu.net&gt;
 uid                   [ unknown] Nick Mathewson &lt;nickm#freehaven.net&gt;
 uid                   [ unknown] [jpeg image of size 3369]
 sub   rsa3072/0x910397D88D29319A 2004-07-03 [S]
+      Key fingerprint = EF00 F369 1387 FCC5 8CD6  8E13 9103 97D8 8D29 319A
 sub   rsa3072/0xD2CA27F3F25B8E5E 2004-07-03 [E]
+      Key fingerprint = 11F2 E464 48C8 0F44 8F64  FC54 D2CA 27F3 F25B 8E5E
 
 </pre>
 <h3>deb.torproject.org repositories and archives</h3>
@@ -125,6 +145,7 @@ pub   rsa2048/0xEE8CBC9E886DDD89 2009-09-04 [SC] [expires: 2022-08-05]
       Key fingerprint = A3C4 F0F9 79CA A22C DBA8  F512 EE8C BC9E 886D DD89
 uid                   [ unknown] deb.torproject.org archive signing key
 sub   rsa2048/0x74A941BA219EC810 2009-09-04 [S] [expires: 2020-11-23]
+      Key fingerprint = 2265 EB4C B2BF 88D9 00AE  8D1B 74A9 41BA 219E C810
 
 </pre>
 <h3>Arm releases</h3>
@@ -138,7 +159,9 @@ pub   dsa1024/0x0445B7AB9ABBEEC6 2009-06-17 [SC]
 uid                   [ unknown] Damian Johnson (www.atagar.com) &lt;atagar1#gmail.com&gt;
 uid                   [ unknown] Damian Johnson &lt;atagar#torproject.org&gt;
 sub   rsa2048/0x888404C187F30690 2010-08-07 [S]
+      Key fingerprint = 2AE2 24F5 C424 990A E520  6C85 8884 04C1 87F3 0690
 sub   elg2048/0x04F1B63D146276B2 2009-06-17 [E]
+      Key fingerprint = C500 E569 5F09 CB7B AA81  A9CE 04F1 B63D 1462 76B2
 
 </pre>
 <h3>Tails live system releases</h3>
@@ -148,9 +171,13 @@ pub   rsa4096/0xDBB802B258ACD84F 2015-01-18 [C] [expires: 2020-01-11]
 uid                   [ unknown] Tails developers (offline long-term identity key) &lt;tails#boum.org&gt;
 uid                   [ unknown] Tails developers &lt;tails#boum.org&gt;
 sub   ed25519/0x90B2B4BD7AED235F 2017-08-28 [S] [expires: 2020-01-11]
+      Key fingerprint = CD4D 4351 AFA6 933F 574A  9AFB 90B2 B4BD 7AED 235F
 sub   rsa4096/0xD21DAD38AF281C0B 2017-08-28 [S] [expires: 2020-01-11]
+      Key fingerprint = 0546 9FB8 5EAD 6589 B43D  41D3 D21D AD38 AF28 1C0B
 sub   rsa4096/0x3020A7A9C2B72733 2017-08-28 [S] [expires: 2020-01-11]
+      Key fingerprint = 2FAF 9BA0 D65B B371 F0BC  2D46 3020 A7A9 C2B7 2733
 sub   rsa4096/0xA8B0F4E45B1B50E2 2018-08-30 [S] [expires: 2020-01-11]
+      Key fingerprint = FE02 9CB4 AAD4 788E 1D78  28E8 A8B0 F4E4 5B1B 50E2
 
 </pre>
 <h3>Torsocks releases</h3>
@@ -161,6 +188,7 @@ uid                   [ unknown] David Goulet &lt;dgoulet#ev0ke.net&gt;
 uid                   [ unknown] David Goulet &lt;dgoulet#riseup.net&gt;
 uid                   [ unknown] David Goulet &lt;dgoulet#torproject.org&gt;
 sub   rsa4096/0x2AC6036C93CC198D 2013-09-10 [E] [expires: 2019-08-17]
+      Key fingerprint = 0451 E51B 33B7 AC38 C57B  09F7 2AC6 036C 93CC 198D
 
 </pre>
 <h3>TorBirdy releases</h3>
@@ -170,6 +198,7 @@ pub   rsa4096/0xB01C8B006DA77FAA 2016-02-25 [SC] [expires: 2020-02-24]
 uid                   [ unknown] Sukhbir Singh &lt;azadi#riseup.net&gt;
 uid                   [ unknown] Sukhbir Singh &lt;sukhbir#torproject.org&gt;
 sub   rsa4096/0x1AF20C043D9F9289 2016-02-25 [E] [expires: 2020-02-24]
+      Key fingerprint = 4403 733D 7141 9BF1 8617  4988 1AF2 0C04 3D9F 9289
 
 </pre>
 <h3>other</h3>
@@ -180,6 +209,8 @@ uid                   [ unknown] Peter Palfrader
 uid                   [ unknown] Peter Palfrader &lt;weasel#debian.org&gt;
 uid                   [ unknown] Peter Palfrader &lt;peter#palfrader.org&gt;
 sub   rsa2048/0x8602C8203872331F 2014-05-04 [S] [expires: 2020-09-01]
+      Key fingerprint = B383 D785 A8C9 2FDE BC06  0376 8602 C820 3872 331F
 sub   rsa2048/0xE377AED938E4E080 2014-05-04 [E] [expires: 2020-09-01]
+      Key fingerprint = 0BF9 8225 6E85 3044 9E69  D6C7 E377 AED9 38E4 E080
 
 </pre>
diff --git a/include/subkey_fingerprints.wmi b/include/subkey_fingerprints.wmi
index e556dab2..f113628f 100644
--- a/include/subkey_fingerprints.wmi
+++ b/include/subkey_fingerprints.wmi
@@ -1,5 +1,2 @@
 #!/usr/bin/env wml
-5242 013F 02AF C851 B1C7  36B8 7017 ADCE F65C 2036
-BA1E E421 BBB4 5263 180E  1FC7 2E1A C68E D408 14E0
 1107 75B5 D101 FB36 BC6C  911B EB77 4491 D9FF 06E2
-A430 0A6B C93C 0877 A445  1486 D148 3FA6 C3C0 7136

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits