Home |
Licence |
FAQ |
Docs |
Download |
Keys
Mirrors |
Updates |
Feedback |
Changes |
Wishlist
We are currently in the process of setting up GnuPG signatures for all the PuTTY files distributed from this web site, so that users can be confident that the files have not been tampered with. On this page we provide our public keys, and explain our signature policy so you can have an accurate idea of what each signature guarantees.
We supply two complete sets of keys. We supply a set of RSA keys, compatible with both GnuPG and PGP2, and also a set of DSA keys compatible with GnuPG.
In each format, we have three keys:
Therefore, we have six public keys in total. They are provided for download here:
| RSA: | Master Key | Release Key | Snapshot Key |
| DSA: | Master Key | Release Key | Snapshot Key |
The various keys have various different security levels. This section explains what those security levels are, and how far you can expect to trust each key.
These keys are stored without passphrases. This is necessary, because the snapshots are generated every night without human intervention, so nobody would be able to type a passphrase.
The actual snapshots are built on systems running on a company network (because that company happens to have a trusted member of the PuTTY core team working for it, and also has both Intel and Alpha NT machines capable of running scheduled batch builds).
To avoid having to trust that company with passphraseless keys, the
keys themselves are stored on an independently run Unix box outside
that company. After being built, the binaries are uploaded to this
Unix box and then signed automatically. (Another advantage of this
is that the external Unix box has a good /dev/random,
which none of the company machines do; this should help protect the
DSA snapshot key against the security flaw described
here.)
Therefore, a signature from one of the Development Snapshots keys DOES protect you against:
The Release keys have passphrases and we can be more careful about how we use them.
The Release keys are kept safe on the developers' own local machines, and only used to sign releases that have been built by hand. A signature from a Release key protects you from almost any plausible attack.
(Some of the developers' machines have cable modem connections and might in theory be crackable, but of course the private keys are still encrypted, so the crack would have to go unnoticed for long enough to steal a passphrase.)
Note that none of the PuTTY developers has an Alpha NT machine locally - the only one we have access to is the company-owned one used to build the nightly snapshots. Therefore, we cannot build Alpha releases with the same level of confidence we build Intel releases with. So the Alpha releases will be signed using the Development Snapshots keys. Only the Intel releases will be signed using the Releases keys.
The Master Keys sign almost nothing. Their purpose is to bind the other keys together and certify that they are all owned by the same people and part of the same integrated setup. The only signatures produced by the Master Keys, ever, should be the signatures on the other keys.
We intend to arrange for the Master Keys to sign each other, to certify that the DSA keys and RSA keys are part of the same setup. We have not yet got round to this.
We intend to collect third-party signatures on the Master Keys. We have not yet got round to this.
We intend to upload our various keys to public keyservers, so that even if you don't know any of the people who we get to sign our keys, you can still be reasonably confident that an attacker would find it hard to substitute fake keys on all the public keyservers at once. We have not yet got round to this either.