Useful cryptographic keys

Packaging

Our packages are signed with the Heptapod Packaging Team GPG key.

Fingerprint of the main key: 7DD5B49DBA3826D9D03BFE8387F6D64CA83C4416

Warning: 2024 change of subkey

As of 2024-04-28 the previously used subkey for signing has expired and and new key has been issued. You will need to reimport the key and will be able to check that everything is fine.

Importing or updating the public key

$ curl https://heptapod.net/static/heptapod-packaging.asc | gpg --import
gpg: key 87F6D64CA83C4416: public key "Heptapod Packaging Team <packaging@heptapod.net>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Displaying fingerprint details:

$ gpg --list-keys --with-subkey-fingerprint packaging@heptapod.net

pub   rsa4096 2021-04-26 [SC] [expires: 2025-04-28]
      7DD5B49DBA3826D9D03BFE8387F6D64CA83C4416
uid           [  full  ] Heptapod Packaging Team <packaging@heptapod.net>
sub   rsa4096 2024-04-28 [S] [expires: 2025-04-28]
      33EB7A56E7E2BBC45E3723CA8D11CF04BFC97B03

The output above has been updated with the new subkey. Notice how the main key fingerprint is unchanged. Also if you set some trust previously on the main key, it should apply to the new subkey automatically.

For reference, here were the previous fingerprint details:

pub   rsa4096 2021-04-26 [SC] [expires: 2026-04-26]
      7DD5B49DBA3826D9D03BFE8387F6D64CA83C4416
uid           [  full  ] Heptapod Packaging Team <packaging@heptapod.net>
sub   rsa4096 2021-04-26 [S] [expires: 2022-04-26]
      12E4DA21FB43680A27F4EDFCA0AB681081F35BD6

Verifying a package

With gpg

Download the detached signature file alongside the package itself.

Example:

wget https://download.heptapod.net/rhgitaly/rhgitaly-1.4.0.tgz
wget https://download.heptapod.net/rhgitaly/rhgitaly-1.4.0.tgz.asc

Verify it:

$ gpg --verify rhgitaly-1.4.0.tgz.asc
gpg: assuming signed data in 'rhgitaly-1.4.0.tgz'
gpg: Signature made mer. 01 mai 2024 18:16:18 CEST
gpg:                using RSA key 33EB7A56E7E2BBC45E3723CA8D11CF04BFC97B03
gpg: Good signature from "Heptapod Packaging Team <packaging@heptapod.net>" [full]

Example of an old signature with the subkey that has now expired:

$ curl -OL https://download.heptapod.net/runner/binaries/heptapod-runner-linux-x86_64-heptapod-0.3.1
$ curl -OL https://download.heptapod.net/runner/binaries/heptapod-runner-linux-x86_64-heptapod-0.3.1.asc
$ gpg --verify heptapod-runner-linux-x86_64-heptapod-0.3.1.asc
gpg: assuming signed data in 'heptapod-runner-linux-x86_64-heptapod-0.3.1'
gpg: Signature made Mon 26 Apr 2021 03:30:52 PM CEST
gpg:                using RSA key 12E4DA21FB43680A27F4EDFCA0AB681081F35BD6
gpg: Note: This key has expired!
gpg: Good signature from "Heptapod Packaging Team <packaging@heptapod.net>" [full]

Since the signature is older than the key expiration, this is fine.

With gpgv

Alternatively, for servers and various scripts, you can store the key in a separate keyring and use the gpgv utility, once you have checked the key validity manually.

$ gpg --export packaging@heptapod.net | gpg --no-default-keyring --keyring ~/.gnupg/trustedkeys.kbx  --import
$ gpgv rhgitaly-1.3.3.tgz.asc rhgitaly-1.3.3.tgz && echo OK || echo FAILED
gpgv: Signature made Wed 20 Mar 2024 16:04:58 UTC
gpgv:                using RSA key 12E4DA21FB43680A27F4EDFCA0AB681081F35BD6
OK

gpgv exits with code 1 if the signature is invalid, which makes it practical to use in automated processes, as the example above demonstrates.

However, it does not check for validity nor expiration, assuming that you did by copying over to the trustedkeys keyring.

heptapod.host

SSH Server Keys

  • RSA (SHA256): OZ/IX5p7zU8DWQ3Xfya31Mg2nnmkuwZFtLbOMPfgBzM
  • ED25519 (SHA256): MG6q3rOmz25KBx1uy4MFPGY3CaoSIUMuBHqw9weCQbg

foss.heptapod.net

SSH Server Keys

  • RSA (SHA256): +n9EuD1VJHrrf6CTXxbWZ36toWAtFENbasNRejTJog0
  • ED25519 (SHA256): zLZX3eKgdOGFOZ3uf3Pu3QYRcVrAii9EjQ0dg09XGzk

Georges Racinet

Cloudcrane keys

SSH

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL65l9RFds86ZVrYfKlICUkclNpwviVHk3wLbFmHiO3m georges.racinet@cloudcrane.io

GPG

Fingerprint: 09719FFE0B476DC26923F8EEB8EB20361976F291

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZgE8lhYJKwYBBAHaRw8BAQdAxIaet5M+gLuV1rM7+g398d3u+XoVqvFKlF4m
2qs2uQ60L0dlb3JnZXMgUmFjaW5ldCA8Z2Vvcmdlcy5yYWNpbmV0QGNsb3VkY3Jh
bmUuaW8+iJYEExYKAD4WIQQJcZ/+C0dtwmkj+O646yA2GXbykQUCZgE8lgIbAwUJ
AeEzgAULCQgHAwUVCgkICwUWAgMBAAIeBQIXgAAKCRC46yA2GXbykVhvAQCCwCYA
S5OELW6covGZ4jWMUFtJzTjDMPPUWobmoPG8YgEA2BIe4CUMzQJ8TvSnw4MGLnSo
ZqU+O1CjF+vwx8P3jQeJAjMEEwEKAB0WIQS/VFb03GJUQ4SbbljuIMpE72kdOQUC
ZgE+OQAKCRDuIMpE72kdOZvRD/sHj2PObYm8iU1cd4WUlkPT3mOf0JjRVg6m4fv4
dl74JmljMMoBULh1gSolorhSYAzub01ro7SybjZEoBX6nrtfmw4kUsDBX/b+VHEm
XywejJgp8nFk1JhqcBkEAXx3MB7Pu6c+Ek1SCcqi4z16Jw8667TRbYN26utN+Nhr
z0tefAYn/e+fqDxYCnN54aUWtPWzVvbGxV1qhMu9aNgGOZIl6hy9M8HQ0XU6ubE8
5tRlquCWS3JWd+OEFjIN4z2zhnewdEbtdibgN6FpOuOXepJOEfzZgUeiXvKbBn6a
I52ZS+CS0L8I2fR4hzUEPK2kQnLp3rmmgs4iiEvyODFIZPcfE+3m0byhKnGdGE9c
0GLCwD4jg8KqutVP0XIuvk+Uh+/SRy04GUOxG5Z5C1pcSoyFWSR/jQY7LWdKpxxl
NjU8tI0iwDqNvo+/hhgpT2+QIrBzn8S51IzoxC24rLowr7Ze+LjNwrKIf56SUfkB
aL+k9ZrGxrzVSqUlB0TUW7jdyKVjD2GiElOmkGrvPruVYURgJLNjeLrRgNe62zWE
d7mjVXGkeMCztLD/TINeEpZAUW91rwTVZmgqg7MxruoOSRDESWnplKWQ/64Knj/s
2uOzV0XGErTcSTNKuP8veXw/6e9qX5mhd9JEkKUXCVcIbYLyqu1sfyzF8s9tPylR
OQ9Lv7g4BGYBPJYSCisGAQQBl1UBBQEBB0BfkD5qiNEzr36r03W84W7yvxYqeDhJ
Z+fLxDmKDIL0HAMBCAeIfgQYFgoAJhYhBAlxn/4LR23CaSP47rjrIDYZdvKRBQJm
ATyWAhsMBQkB4TOAAAoJELjrIDYZdvKRhIwBAMQ2w1JGulqpYmllJCDhoSYjYkI+
iFwEW8rwR59VtPqwAP9ZWxCXIeX+DpdYQUK/hqTcwk9YLiB1Elqfm5fQG3dACQ==
=LBb3
-----END PGP PUBLIC KEY BLOCK-----

Octobus keys

SSH

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxUQvWvG21TMiUU3JSjw0vFeC94vkQVWtiw6macLBOXtSPisa6S6Y0uCPbOTaXUgeQBq1ncjPBsU2NqS12PDqxS4UM8e0X9BPOfQw04Guv8cZUbHvywqCMP2+qDwGcVteaELHW8OwcOVfLyz/qVa4jPpnGotYzUSKI+rOcFALZY6PZvJCdGF2So9j3ltDLiD4peZL8aiGDsAJIVTNgzRL3zjFAccMt0eQKSB4I8yOMHjEhlEiyumFX/u3qyFgZokeRsvRlEYAE1Q3sy6HxbAfP8TXJDiAXlnOZOeW4UG6kfM0ofV/bhDgV/dpWHDtdSxa+1JuB/U8RLy6FxFFBzmbjIh0WwAd4YneU9gzrpu2sVoNIHuTt9cs5k9LzBNlOkrFvKyx6L30kELyhbm0O1LbHFOp8tA0QtRo/r1ZB0vkEn/bi4njQ9KbVFvT7xfRHHncFv1Js+TsEK/L769Tn62MzHhCgou+LZh6VSTJfHig4H31FHRD2lK1Uh1IxoBeYibyxCELh48ummchK0Wp2ZEShA6+R8plrBaXWWW7q+qO0UfZ1ToVjkiWw6cYNohV2PcOyqLeE3j4xh18iMR7S2syMRo5qZK6H+54MKFHXjS74/ovBRtM97uhaorzRNFvUdp5zwxG0j2rOi8IlylvPJhE7tVJrlKQoidD/AcztD9hAlQ==

GPG

Fingerprint: BF5456F4DC625443849B6E58EE20CA44EF691D39

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFkYSl4BEADlPpVWsTIWxCg8S9O906rH+YAipaIvYtBpOTyHKwmpEDJv4Gkv
PrfyP4+f+cca+CI2IzoVemVfFXBzlcmCf+bwxsvbNp3epymQ8tzmldknXpDlAyPV
fYfL6BVHNwFPE7qAi305dMlIBL153V2Qs3I3agg/moNXbEdnJofmkQH7XMRIq5Ko
rDaGXbzSjKbvJeGVUHooHGFt319P5N+Nmq6ztitz4sHoYA+LLT9oYb0eIoLo7jWw
2b/Om3CksV5r+Xj65eYPnkxN9dUP4QZQtzcPG917FUht+6HT1NBtLLvnlpj7ORTG
2ytf8veCcenWmW07PS2ig/GQ8URIlxjypi3WAjsW9kJrg2LY6Qzkeqgk3U0BVi8R
+9TcJDrulpLVleNPoaEvfa5Ddf3Sc8y77d+GkPRmcUvHrbfqVHWb3X6xbWK3bOHs
cIWq9hRfcdfYLngJ9xl44nQrB+KqKk2Gy73dOFw24SwHseH2bmSp68GK23VWRHHM
/Dkm8BZ8gQMKL9J1eLjXKbOb0ER6xEPnf/bEe9XPg0OFdOHrVv5ai36p/CmvJa7P
IjvBY+KFuZSBtfVXE3QzGcgrfDeByCcUAfSusfI/UwAuHyT9BpsuCB7PDVdET9ut
RKjFjvC0Y7lmVJ5FE3e7Q/EKRXaU92cG7whGrQTtvzthBmI6060HiYBtWQARAQAB
tCpHZW9yZ2VzIFJhY2luZXQgPGdlb3JnZXMucmFjaW5ldEBhZnVsLm9yZz6JAjcE
EwEIACEFAlkZjKkCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ7iDKRO9p
HTmv9A//fUiZf8J+ySLVz9rBFhrVdy7/VGonbXP41bb1K5yettGEtQ620LXB8N3t
Qxe6bFdObeOs0Hx6rsvAyR+QAxmnEx8ZWvzQ404C3qYGi3cSVH1gHRIMt61DvYbR
dQ+ayx1pJG6gHe+4bq8kFw0LfBrK6HvTgPW+0euzrwSuzfAGsXnJC6tzjEmIAQ5s
htRBLrDh5BMuv8EFmwzxHa9c+jk8DS1FOrIxDSMWYVeQh6QkpOQ4EK2mHIqPZdWX
KOPwV3i6q92TJp5YoVoOavzS8ZH7zKCYd5SugG4H82T08SqbTlJn/tT1IRJ4I8gF
NTrBF908868/pJ6dmkrqgBKoMI+xdldX3bJr5cByN7WHPWo6tSl7I8pDLodfQ350
/d8G42Gr0hIVZW21+Y78hRHSjzOhwGyaKZ6pemnpsIUIaFibtNYk2F1bgoeO2ZDu
W9HdJ8KI7+3gNyWSrkZrVuW0zzpNWw6dJo1fK9L6j/tRSCPXLtbIUrTIh1FAfZxT
LeVasLDFzrRxTx7+PBTVeh8RpK94CaOROFaKV8d+kGIh1Dp0Y2FjEGJy1fpxZGRU
jNSlb4Ya89lJs8X/VvI1NDAhxtRkSnb1OyLbpl0JOqQOhGuM4rtILeipWGDdRM3e
smzO+HnXMkNKXaJXnch70E8W6oFQZTsNIWyskHf+4Wzs9jA0nzi0JEdlb3JnZXMg
UmFjaW5ldCA8Z2Vvcmdlc0ByYWNpbmV0LmZyPokCTgQTAQgAOBYhBL9UVvTcYlRD
hJtuWO4gykTvaR05BQJZGEpeAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
EO4gykTvaR054jAQAIzegRrLhtkKswN1C7hfnahGv+nhLpTIhcGNwwpPol0m2TN+
Cv72b9HN0Wm5y6QMBjHXK15nR7yM1w2TlBTcEPvhRF9cjTJhO+PtTKu3yorBoX1L
Du3AFGcOIERb6HQ34uGZv0z/XrV9HckLBTl9s0+LUhpgrE5n8tr9miP//14tvxtQ
dzeLXQI6e23SY6bFeeE1Im6hdvU1IK3oIsm7o9i/RSB2ovbRbhYC1mLY1b0PWspT
MVdqI8oJ0TprYzm579VoitGXdah2htRhVtp1InUHXmoNzvoMty1Xtc6KFLdgCC3z
/ja6Z1S8qr6C9meRSmJt8/HsLTa4JK3ILzpycy/U4DU4TUzAXDwGa4xD7pJOWGRv
8WXgybIq0UQsLcpmQUOOvaV2OwFVxCaN1+2Irq4mC4tNcLDvxaZ70YMcr/HzTII7
8C0MUlT64m5c9dly+Pl9XijB5ww61ZSWj0G+rIhx4CrlE+dBMRVRNOFO99TcQe2/
Von36Td+nG2qQ2+7AkuTd2qzISKXiwOcVsP1lVNANjY9ksh7HowwWSOmesEvycdL
7M6PxLowJPcKip29shCU2liQt14OKXXHsMaoN6WMwrTAcWgxr8AmPUqpz/11KZe6
6q0DdV1N+Hd/kXb0qYL/9r94WWEUs0M6x/2zmwkxIQ28VjBQmkJY/+95hbmYtCRH
ZW9yZ2VzIFJhY2luZXQgPGdyYWNpbmV0QGFueWJveC5mcj6JAk4EEwEIADgWIQS/
VFb03GJUQ4SbbljuIMpE72kdOQUCWfdwQAIbAwULCQgHAwUVCgkICwUWAgMBAAIe
AQIXgAAKCRDuIMpE72kdOWi3D/4zS4KJ37UEQEmnqldGRq6qb2s79ZzPpMVLWmE6
kjfeQqQiJzvvwpXcZW66Kh5I5FbM5Zx27DHuZa3zTo71iVx9E1Gf4qTN0Z0eTfVq
0t1AxA19TDBfWGKN+lAwRlAYRv+SsyaFtBNC4j/i4t+syjBg8SnK1YX4oGDjyWJb
c9VT5cjrI4d2rRSs5QysBwXFC8HDzENqlpTWdbmBEGS0SOvm0K2l04QG2N6H1eDw
1Y0ynlBMtSZt/qUVdC2UQV0vAwngKrPu7GXpObxxNwT0QrLqX117uXlNnaFZcoQM
8TwLD0iOVcEr+DzPvH4mjF+h7XT3Vy5TzW9ogZi91HU7rxXnLHtq1cCdUVzLcbEe
AyehtfF0S5QRqfT6roPSkvIKSbVs0dQTLe9RYDPy7Vs9s2VunF7jDNxEuZnJz9tP
4tT0kltUlztXTs7/0YGzdRF/zKIJ1gJLkNMgztmvgdm3SBNZDIVJqDEWd4Nhx5Fa
LaPIpr2Cte/yhlqRZyliPZKVybNXfsHR8QGHOhT8UjZV35CauT1Gut1ofAOxR8F1
3+zKywXnM0uzMDcooU3L+/J3sEGiYQUadrqswS/PDjKtJJYlyFs8+dLfK0LAAYWM
W3CAHwCloKpMiTcdqRlWK844rtOG2TpEMz2/QFqPFTjX7xLQqcgwJwS2SqZMO+c6
61N/wbQtR2VvcmdlcyBSYWNpbmV0IDxnZW9yZ2VzLnJhY2luZXRAb2N0b2J1cy5u
ZXQ+iQJOBBMBCAA4FiEEv1RW9NxiVEOEm25Y7iDKRO9pHTkFAlwt7psCGwMFCwkI
BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ7iDKRO9pHTmehRAAmmqxgbugQG970GXL
wBlygNlApC1gj+JnzxOoD2Sav3qAY4mxY0mRSnPVevkeN0XoDxuapeRI95nCc2aU
SmSxB0pM+3ALrFaAcNPyhn6y3/PIxcAiNn4dUORANmDzl6wggreal+R1paNMME7F
Ww7wGb3l+y3IKhShm0/TplwP3nJj2Z5vGmJ6KwQbXd17fNh38eYWaoZA5+YrjxbS
BRKdFLfGXDySGF3jX04A2LfzJamSIxaJUZt1c3kIOtBTCjO5Wu361NFDaYPG5YCJ
4iUVag3zCBZ5kQFie+DmHv3GWOANWXBZn/WM9zlzhDZL7VKGxOXO2xuSA0Mni+KB
m4/GcaBYl5F/7omZJF196e5byGEILh7bAAfZgJbxWQ2qWMSL2MK8VrBfBPMs/Im/
o/vowkpAdI6xX4JQ6Ukj0uERXkbb1ULeFvm70I9IR3m5ihrqLqcs7g/izeHSr/on
AV8EhsLeT8p6r8UBbWCLqAX44O4mtcwP8M8M30HwbORd9+qAz2tPzV967/l51V9F
mgxrvoduWUF4icJlUiv+FNyY6DH2osJrULVy9A+RODmkh2a133Z2fPYbIuSfvBZT
xfowqlRSpHaAnsnI3YJUAnM5Aw2KScTQ234LmGG14g6OSs7HxzjzojtDhmwfWwXd
oGo00kOoW8K9KBm8Zg/QxV9O3He5Ag0EWRhKXgEQAK+ddp6r8LMs6C92fxisN7hH
FRQaMv6gMsUck+XcOD+uGtkyDvxmBCmYgmuGvTnCo4JpzrGcQvtpQmA2noXVBsFx
wECIa7LUEAk4bSpJ6pk5bFbApMN8c0SlrSLGz4no9u1qXFqu0hkhjRWthBEyI6QO
1xm6d8FQ0Tjx0jN4LvIyaB5KgnE0fomu1u1z+Od9kRSZk82+5ozZMXm242ccEGko
FL60HmAqGoKY/In7SbiOHePCKzREvJdM3zU4DU2zPqxr/Qw2jyQH+rQTuUCva41+
TiHNCBhKStbao9JhtblcdBhC54dPPf2MT62hYwlb5SRKdJtbJ3gjPwpZ1T2ievSo
OYf4esGrwhXUKhqHV67+0mV4I7UrANIHlDNE3uw/4YrmvBg1Kwhk110pgGthFNIO
wKAmn6Oi5G/J7nAhnwtrD+2J32NckO7nZGkqUgybvUyEIWiMcwpD/vLKIxS/PiIk
KrF5APQoBomUwS3AgW7UGvwRG7P1YFmyNa2vFOVDgM7FSi94C0vDu8SD4BsDSR1a
nutbCxgftl8sJj8nYKSvvLwWeWAPP+vbOkn9ndfJ+pjs1AXxFEZ4ftnXB63pCmX+
YfbbtJyfJRmbGqLNCZybYw/d5K4VERaP+VJLv20hcXYuD5rqw/LJrK6/mFmmvqeq
eMFW8arzCFKAJ6iRaMyBABEBAAGJAjYEGAEIACAWIQS/VFb03GJUQ4SbbljuIMpE
72kdOQUCWRhKXgIbDAAKCRDuIMpE72kdOfmTEACCBmwPRgTTxIM/N9e/rl+i6rfn
CxDfAP605a+AXz7KATF4MtgShAZdYfM1Ye3jG/pja71kTCa5z7htEYJbxeXuWJCO
waqIOVCSPI2xSWPZ4n8V71lXj85SsArqbR25MWqbz1guC4JWMjkHIxhi8/ASGbOo
fIZLk7JxOxKSVso0GToURFSJ5S76JQ0eQmTL/COPEkOra7PhfJCEH9ZFB4CiPRHi
f2vf5yYAX2GQNQNS7S37fxkxYS4IB5XQvnehdbcrsji8n9en3rl0ztrMbUp2Ru3J
2QTu0zBSOaLKg/PpAAkO2L0I9fnuSwktxRbNTlI7In3FwI70EZK7HctIGidvMllj
VtZKP+X1NZmugL0a6hNJQmEZQzQ+B9/bPYlz02J4ycrkHIuVBltZb1lPxhhe4zDl
YcRZMuAumvRq4Kyv5gRPpBp0v+N+ep6qittkQpLmgzb7GMt0YvlH0n6pdAPR9IoB
6614m3lepnJMUbz9YU7DNnYVJ2qbScORsIddJ7DXcHMyUE/a6dDfcjV61h+vwe5s
2+Hq/ehyybN8vUoVEV2JzXNeqiKYCIeJQN/6cq0eUpm0BB8ff+eG+6dVPCt6Vrjo
x3uoRuZotlCEFkr9T0QOaVFQi5rdkzR93DTXX7qUjOaxb5aUJHaDNo8PJjId4cCz
sNGEiEY7H8AiNH63uw==
=Rvgk
-----END PGP PUBLIC KEY BLOCK-----