Tails developers maintain several OpenPGP key pairs.
Make sure to verify the keys that you download, because there are several fake and maybe malicious Tails keys on the key servers.
For example, if you first authenticate the Tails signing key through the OpenPGP Web of Trust, then you can verify our others keys as they are all certified by the Tails signing key.
Signing key
Purpose
This key only has the capability to sign and certify: it has no encryption subkey.
Its only purpose is:
To sign Tails released images
To certify other cryptographic public keys needed for Tails development
Policy
The secret key material will never be stored on an online server or on systems managed by anyone other than Tails core developers.
Primary key
Is not owned in a usable format by any single individual. It is split cryptographically using gfshare.
Is only used offline, in an air-gapped Tails only communicating with the outside world through:
Plugging the Tails flash media in another operating system to install Tails in the first place.
Plugging other removable media in the air-gapped Tails to send the public key, secret key stubs, parts of the secret master key, and so on to the outside world.
Plugging other removable media in the air-gapped Tails to receive Debian packages, public keys, and so on from the outside world.
Expires in less than one year. We will extend its validity as many times as we find reasonable.
Has a revocation certificate split amongst different people. See the details of the mechanism.
Signing subkeys
Stored on OpenPGP smartcards owned by those who need them. Smartcards ensure that the cryptographic operations are done on the smartcard itself and that the secret cryptographic material is not directly available to the operating system using it.
Expiration date: same as the primary key.
Key details
pub rsa4096/0xDBB802B258ACD84F 2015-01-18 [C] [expires: 2026-01-13]
Key fingerprint = A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F
uid [ full ] Tails developers (offline long-term identity key) <tails@boum.org>
uid [ full ] Tails developers <tails@boum.org>
sub rsa4096/0xD21DAD38AF281C0B 2017-08-28 [S] [expires: 2025-01-25]
sub ed25519/0x90B2B4BD7AED235F 2017-08-28 [S] [expires: 2025-01-25]
sub rsa4096/0x7BFBD2B902EE13D0 2021-10-14 [S] [expires: 2025-01-25]
sub rsa4096/0xE5DBA2E186D5BAFC 2023-10-03 [S] [expires: 2025-01-25]
sub ed25519/0x8E9567D327792707 2024-05-23 [S] [expires: 2026-01-13]
sub ed25519/0xFE2C600D5BB759B5 2024-05-23 [S] [expires: 2026-01-13]
sub ed25519/0xC69FF0E4C08F8209 2024-05-23 [S] [expires: 2026-01-13]
sub ed25519/0xBC8BD3DAC9CD2979 2024-05-23 [S] [expires: 2026-01-13]
How to get the public key?
To get this OpenPGP public key, download it from this website: tails-signing.key.
If you already have Tails signing key but download it again, it can update the list of existing signatures of the key.
User support key
Purpose
Encryption
Use this key to encrypt private support requests sent to support@tails.net.
This same key is used to handle WhisperBack reports.
Policy
The secret key material and its passphrase are stored on the server that runs our encrypted mailing list software and on systems managed by core Tails developers.
Key details
pub rsa4096 2013-07-24 [SC] [expires: 2025-11-07]
1F56EDD30741048035DAC1C5EC57B56EF0C43132
uid [ full ] Tails bug squad <tails-bugs@boum.org>
uid [ full ] Tails bug squad (schleuder list) <tails-bugs-owner@boum.org>
uid [ full ] Tails private user support <tails-support-private@boum.org>
uid [ full ] Tails bug squad (schleuder list) <tails-bugs-request@boum.org>
uid [ unknown] Tails user support <support@tails.net>
sub rsa4096 2013-07-24 [E] [expires: 2025-11-07]
How to get the public key?
There are multiple ways to get this OpenPGP public key:
Download it from this website: tails-bugs.key.
Fetch it from your favourite key server.
Press team key
Purpose
Encryption
- Use this key to encrypt private emails sent to press@tails.net.
Key details
pub rsa4096 2024-04-30 [SC]
C54B2D6C229607035EECE4D83114691BD78DF1ED
uid [ unknown] press@tails.net <press@tails.net>
uid [ unknown] press@tails.net <press-request@tails.net>
uid [ unknown] press@tails.net <press-owner@tails.net>
sub rsa4096 2024-04-30 [E]
How to get the public key?
There are multiple ways to get this OpenPGP public key:
Download it from this website: press-tails-net.key.
Fetch it from your favourite key server.
Board key
Purpose
Encryption
- Use this key to encrypt private emails sent to the Board.
Key details
pub rsa4096 2024-04-30 [SC]
2DC4FED9D88C30D95A92675788E24FE2064F1511
uid [ unknown] board@tails.net <board@tails.net>
uid [ unknown] board@tails.net <board-request@tails.net>
uid [ unknown] board@tails.net <board-owner@tails.net>
sub rsa4096 2024-04-30 [E]
How to get the public key?
There are multiple ways to get this OpenPGP public key:
Download it from this website: board-tails-net.key.
Fetch it from your favourite key server.
Accounting team key
Purpose
Encryption
- Use this key to encrypt private emails sent to accounting@tails.net.
Key details
pub rsa4096 2024-04-30 [SC]
EC58494A6333D0384DD5744DA38F0F6E9A0A234E
uid [ unknown] accounting@tails.net <accounting@tails.net>
uid [ unknown] accounting@tails.net <accounting-request@tails.net>
uid [ unknown] accounting@tails.net <accounting-owner@tails.net>
sub rsa4096 2024-04-30 [E]
How to get the public key?
There are multiple ways to get this OpenPGP public key:
Download it from this website: accounting-tails-net.key.
Fetch it from your favourite key server.
Fundraising team key
Purpose
Encryption
- Use this key to encrypt private emails sent to fundraising@tails.net.
Key details
pub rsa4096 2024-04-30 [SC]
DA1C7908D1C0DC9EAA5915BC3A5B5685A641297B
uid [ unknown] fundraising@tails.net <fundraising@tails.net>
uid [ unknown] fundraising@tails.net <fundraising-request@tails.net>
uid [ unknown] fundraising@tails.net <fundraising-owner@tails.net>
sub rsa4096 2024-04-30 [E]
How to get the public key?
There are multiple ways to get this OpenPGP public key:
Download it from this website: fundraising-tails-net.key.
Fetch it from your favourite key server.
Foundations team key
Purpose
Encryption
- Use this key to encrypt private emails sent to foundations@tails.net.
Key details
pub rsa4096 2024-04-30 [SC]
621609457A166C993245FFCA5F6B02630DDDE331
uid [ unknown] foundations@tails.net <foundations@tails.net>
uid [ unknown] foundations@tails.net <foundations-request@tails.net>
uid [ unknown] foundations@tails.net <foundations-owner@tails.net>
sub rsa4096 2024-04-30 [E]
How to get the public key?
There are multiple ways to get this OpenPGP public key:
Download it from this website: foundations-tails-net.key.
Fetch it from your favourite key server.
Sysadmins team key
Purpose
Encryption
- Use this key to encrypt private emails sent to sysadmins@tails.net.
Key details
pub rsa4096 2024-04-26 [SC]
0082D4D63B722D1FA27518A5C8F12D2B1AE1CB26
uid [ unknown] sysadmins@tails.net <sysadmins@tails.net>
uid [ unknown] sysadmins@tails.net <sysadmins-request@tails.net>
uid [ unknown] sysadmins@tails.net <sysadmins-owner@tails.net>
sub rsa4096 2024-04-26 [E]
How to get the public key?
There are multiple ways to get this OpenPGP public key:
Download it from this website: sysadmins-tails-net.key.
Fetch it from your favourite key server.
Translation platform admins team key
Purpose
Encryption
- Use this key to encrypt private emails sent to the admins of the translation platform at weblate@tails.net.
Key details
pub rsa4096 2024-04-30 [SC]
EFECA896F429B066B83E0266B702FE73C485A41D
uid [ unknown] weblate@tails.net <weblate@tails.net>
uid [ unknown] weblate@tails.net <weblate-request@tails.net>
uid [ unknown] weblate@tails.net <weblate-owner@tails.net>
sub rsa4096 2024-04-30 [E]
How to get the public key?
There are multiple ways to get this OpenPGP public key:
Download it from this website: weblate-tails-net.key.
Fetch it from your favourite key server.