Home Page Download Manual GitHub Mediawiki Mailing lists Contributions Related links

Release Signing

Crypto++ releases are signed using a key of one the individuals who are authorized to release Crypto++. Authorized individuals roughly means folks with check-in privileges. There is no single project key shared among authorized release personnel.

The list of collaborators who are authorized to release with their key are listed below.

Name Key
Wei Dai -
Jeffrey Walton B8CC 1980 2062 211A 508B 2F5C CE05 86AF 1F8E 37BD
Uri Blumenthal -

Individuals who have release authorization are expected to:

  1. Announce their current key on the mailing list
  2. Announce changes to the current key on the mailing list
  3. Publish their current key on this wiki page
  4. Publish their current key to a well-known keyserver
  5. Publish changes to the current key on this wiki page
  6. Store the key offline with passphrase protection

Signing keys should be 3072-bit RSA and signatures should use SHA-256. Other algorithm choices, like Ed25519 or SHA-3, will likely cause interop problems for some folks on some platforms.

Changes to the signing key should be retained on this page. That is, don't delete a former key if updating to a new key. Retain the old key for record keeping.

The key should be stored offline with passphrase protection. For example, burned to a CD and then stored in a fire resistant lock box. The key should not be online, and should not be under control of a key manager to automatically unlock it.

Note that Wei is listed, but he probably won't sign a release. Wei is busy with other duties, and he leaves the day to day operations to others involved in the project.

Related information can be found at Apache Release Signing and Release Signing on the Crypto++ wiki.

Jeffrey Walton

Key fingerprint = B8CC 1980 2062 211A 508B 2F5C CE05 86AF 1F8E 37BD

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBFwlSggBDADclzJ4pgefT7BKm1OAoxp4NeqZzpU7f+70eyG9WlHxk0YUBKL4
s4wbsF2nub5YmCQ0vqXmfeyElbdYqCxXVygUOm64LlzsuRXw30gwupSg2xu0j7V1
WQCoWWG1j1XZ4pDTo9tYXiUztFHjfWD2oNjMUgEjo3jSdgAhY7re/sD+jNEjFnKc
N0h8tquivpu8gqcobeCVUyMLd/n4M5Fw9TSCPZUrz1/Dfi+Cn0ODwmknuP3hH3dg
I1pT7StEtZkq5tzQI2LPs/ItbvmwQWLWYCXQ6HsHSkFgDJc3kqV3EVvzM9/j+ynh
waSThXNCPNORk487oD4CfeCgC6pXQuQBkv+Ts+porX8k59LpRmb7oszU1tOMHXEn
Z2my/ljVonn6ibMvpLQrEscyFrQbjO8suv2TS1MuEnlEWXhT9INCmcTqDVKOC7WC
Xnh2JEOEGe8ONaYuLw+Y+8TQ+uuyEue/yeiTVUpEB6ezOf5Je4ziFTze/Zq7ga9y
iOFF5Lesem7llSEAEQEAAbQ2SmVmZnJleSBXYWx0b24gKENyeXB0bysrIFJlbGVh
c2UpIDxub2xvYWRlckBnbWFpbC5jb20+iQG+BBMBAgAoBQJcJUoIAhsDBQkJZgGA
BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDOBYavH443vTJoC/4j8vzpbPbh
tcnTZqC+rzfhSmqUGR024B5MkuETwi+AHwYcOzz/IKBYaIknqZ9P9q49gAthpiCO
NE/OSf0YavJRFZ/diOcSmGP5m5yYGaA7ksrq+/82rFAANq3gpiMXuk/6xWpaRCvR
0LTGLbGcKmAE37/CpTXb+YJxMciaKQvb45yhcSnVAR1Ool+hQxZS/OYsOXzjRVMp
5dPivez3jEk+EJgirSCk/hkxc6Sh0HgI257IAuYHzqF000ahl7uJ9DBLkdglOD03
HwTA4kU9i+wlwWfkJRztDhvTy3qK5WnwN7eh88Wy4H7tIIG3CybGKwqjgu2wu7Nh
ghc1ZrVMU0mSVmXDZ+ZWPgze8eLqoMDqdFzm4lWYTGl+gb6gIbg9dnU9p1YRtnXw
/lUx0nnj33R/9LKKkTK5zmwnqdJ/lU3X0mGf1VyFzjpMrBE9mCkbnC7kOEiNh7kS
/KdN9BoaX5M4e9LtohIobLsXfVQCWWOHePD1gQsbspksHA/GC/EyGN8=
=Yi2N
-----END PGP PUBLIC KEY BLOCK-----