rpms / cryptopp

Clone
Source Code
GIT

Files

el6 epel7 epel8 epel8-playground epel9 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f8 f9 main rawhide
  1.   rawhide
  2.   keyring.gpg
Blob Blame History Raw 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
  <meta name="generator" content="HTML Tidy for HTML5 for Linux version 5.2.0">
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  <title>Crypto++ Library | Release Signing</title>
  <meta name="description" content=
  "free C++ library for cryptography: includes ciphers, message authentication codes, one-way hash functions, public-key cryptosystems, key agreement schemes, and deflate compression">
  <meta name="keywords" content=
  "Crypto++, CryptoPP, crypto, cryptography, cryptographic, security, free, open source, public domain, library, C++, SSE2, SSE4, AESNI, RDRAND, RDSEED, NEON, ASIMD, cipher, ciphers, code, codes, scheme, schemes, hash, digest, cryptosystem, key agreement, AES, DH, RSA, DSA, DES, SHA, HMAC, HKDF, elliptic curve">
  <link rel="stylesheet" type="text/css" href="cryptopp.css">
</head>
<body>
  <!-- Child pages menu bar at top of page. Differs from home page -->
  <table border="0" cellpadding="8" cellspacing="0" bgcolor="#FFFFCC" summary="Menu bar">
    <tbody>
      <tr>
        <td><b><big><a href="index.html">Home Page</a></big></b></td>
        <td><a href="index.html#download">Download</a></td>
        <td><a href="docs/ref/">Manual</a></td>
        <td><a href="//github.com/weidai11/cryptopp">GitHub</a></td>
        <td><a href="wiki/">Mediawiki</a></td>
        <td><a href="index.html#lists">Mailing lists</a></td>
        <td><a href="index.html#contributions">Contributions</a></td>
        <td><a href="wiki/Related_Links">Related links</a></td>
      </tr>
    </tbody>
  </table>
  <h2>Release Signing</h2>
  <p>Crypto++ releases are signed using a key of one the individuals who are authorized
  to release Crypto++. Authorized individuals roughly means folks with check-in
  privileges. There is no single project key shared among authorized release
  personnel.</p>
  <h3>Collaborators</h3>
  <p>The list of collaborators who are authorized to release with their key are listed
  below.</p>
  <table style="border: 1px solid black; border-collapse: collapse;" summary=
  "Release signing keys">
    <tr style="1px solid black; border-collapse: collapse;">
      <th style="border: 1px solid black;">Name</th>
      <th style="border: 1px solid black;">Key</th>
    </tr>
    <tr style="border: 1px solid black; border-collapse: collapse;">
      <td style="border: 1px solid black; padding: 5px;">Wei Dai</td>
      <td style="border: 1px solid black; padding: 5px;">-</td>
    </tr>
    <tr style="border: 1px solid black; border-collapse: collapse;">
      <td style="border: 1px solid black; padding: 5px;">Jeffrey Walton</td>
      <td style="border: 1px solid black; padding: 5px;">B8CC 1980 2062 211A 508B 2F5C
      CE05 86AF 1F8E 37BD</td>
    </tr>
    <tr style="border: 1px solid black; border-collapse: collapse;">
      <td style="border: 1px solid black; padding: 5px;">Uri Blumenthal</td>
      <td style="border: 1px solid black; padding: 5px;">-</td>
    </tr>
    <tr style="border: 1px solid black; border-collapse: collapse;">
      <td style="border: 1px solid black; padding: 5px;">FIPS DLL</td>
      <td style="border: 1px solid black; padding: 5px;">-</td>
    </tr>
  </table>
  <p>Note that Wei is listed, but he probably won't sign a release. Wei is busy with
  other duties, and he leaves the day to day operations to others involved in the
  project.</p>
  <h3>Verification</h3>
  <p>You should use GnuPG to verify a release signature. Be sure the public keys used to
  sign Crypto++ are installed.</p>
  <pre>$ gpg --quiet --verify cryptopp820.zip.sig cryptopp820.zip
gpg: Signature made Sun 28 Apr 2019 07:41:05 PM EDT
gpg:                using RSA key CE0586AF1F8E37BD
gpg: Good signature from "Jeffrey Walton (Crypto++ Release) &lt;noloader@gmail.com&gt;"</pre>
  <h3>Jeffrey Walton</h3>
  <p>Key fingerprint = B8CC 1980 2062 211A 508B 2F5C CE05 86AF 1F8E 37BD</p>
  <pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBFwlSggBDADclzJ4pgefT7BKm1OAoxp4NeqZzpU7f+70eyG9WlHxk0YUBKL4
s4wbsF2nub5YmCQ0vqXmfeyElbdYqCxXVygUOm64LlzsuRXw30gwupSg2xu0j7V1
WQCoWWG1j1XZ4pDTo9tYXiUztFHjfWD2oNjMUgEjo3jSdgAhY7re/sD+jNEjFnKc
N0h8tquivpu8gqcobeCVUyMLd/n4M5Fw9TSCPZUrz1/Dfi+Cn0ODwmknuP3hH3dg
I1pT7StEtZkq5tzQI2LPs/ItbvmwQWLWYCXQ6HsHSkFgDJc3kqV3EVvzM9/j+ynh
waSThXNCPNORk487oD4CfeCgC6pXQuQBkv+Ts+porX8k59LpRmb7oszU1tOMHXEn
Z2my/ljVonn6ibMvpLQrEscyFrQbjO8suv2TS1MuEnlEWXhT9INCmcTqDVKOC7WC
Xnh2JEOEGe8ONaYuLw+Y+8TQ+uuyEue/yeiTVUpEB6ezOf5Je4ziFTze/Zq7ga9y
iOFF5Lesem7llSEAEQEAAbQ2SmVmZnJleSBXYWx0b24gKENyeXB0bysrIFJlbGVh
c2UpIDxub2xvYWRlckBnbWFpbC5jb20+iQG+BBMBAgAoBQJcJUoIAhsDBQkJZgGA
BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDOBYavH443vTJoC/4j8vzpbPbh
tcnTZqC+rzfhSmqUGR024B5MkuETwi+AHwYcOzz/IKBYaIknqZ9P9q49gAthpiCO
NE/OSf0YavJRFZ/diOcSmGP5m5yYGaA7ksrq+/82rFAANq3gpiMXuk/6xWpaRCvR
0LTGLbGcKmAE37/CpTXb+YJxMciaKQvb45yhcSnVAR1Ool+hQxZS/OYsOXzjRVMp
5dPivez3jEk+EJgirSCk/hkxc6Sh0HgI257IAuYHzqF000ahl7uJ9DBLkdglOD03
HwTA4kU9i+wlwWfkJRztDhvTy3qK5WnwN7eh88Wy4H7tIIG3CybGKwqjgu2wu7Nh
ghc1ZrVMU0mSVmXDZ+ZWPgze8eLqoMDqdFzm4lWYTGl+gb6gIbg9dnU9p1YRtnXw
/lUx0nnj33R/9LKKkTK5zmwnqdJ/lU3X0mGf1VyFzjpMrBE9mCkbnC7kOEiNh7kS
/KdN9BoaX5M4e9LtohIobLsXfVQCWWOHePD1gQsbspksHA/GC/EyGN8=
=Yi2N
-----END PGP PUBLIC KEY BLOCK-----
</pre>
  <h3>FIPS DLL</h3>
  <pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 7.0.3 for non-commercial use

mQENBDzaotcBCAC3aWI+qiQT+CQd6XlikJHLQuNnOpi7/S7aYSu4PwM4WWYtff06
x/cCwSrss9JjZYjAEIC6I0v6eMr471BlXPLt77jSjMy5ws4thd7vHA1t9lhYxeS7
prTmCX/rrLNDw3VimoytCkPFBiMCeBHWcBf5WFYfeqhD7r+l+NBFfnvhz8Gr0ELb
dJPTPnJ9puRKEKr295U2n/SVkaAzDcrDOQWtiDHPi3wG+bflt9S8UR9XDEoN3uYr
P8MAr0br+YK4BwVFZxq9XXwOHtUlpwQDBYL6iMNOiB55ll4cdaOWfjX4F9jQZRTU
uDARrnkgjEsgXJNweMRzN42ZAPmbR3AQg27XABEBAAG0OVdlaSBEYWkgKENyeXB0
bysrIENvZGUgU2lnbmluZyBLZXkpIDxjcnlwdG9wcEB3ZWlkYWkuY29tPokBLgQQ
AQIAGAUCPNqi1wgLAwkIBwIBCgIZAQUbAwAAAAAKCRDxkBrrBFSYQ720B/96G6hO
sOWz/3Y/cb63OVJ8OPNcnkXlMtHilCjmPkPEmVkrayPyFjT/VqnX5JmpiJ0g1Jwr
ptLrF9hQ8IupE3+P/JBiDR7XDE4veonuyp0GmVDhwrCIhWOjRFIzeENmVnCYAvfW
IWhHOx/l9gxFKfMiNjDBM6aQ9FD8F6tPVNhpoV1nYwstqwle+WpR+YQHowS7vlqx
PPL2ZtUv1PFmIGNUF83t8koktb1za5CN4Cb/iWlsmIVviw7XA8rYg1ZIzTnMuz1d
FNXHwC39K5TucPRnqn6pyvPwttyBKhBEFurjnfFfBtpyfhaojyiMB3S8Rsid0rx9
bxTvP9WeQDcY7XJFuQENBDzaotgBCACuqQLeu1ZAKTrWTgtJ05vSUvLHzAAvDh2j
kEoYxYvutU2nnCqrTi3Y9o9t+uppSwKhpbF9CEQ7ECBGHbZ3qknWCMwoCJ6n2UKX
BUVxLhNkiwnpPmR8rh4KNFv4r77/lSYXucxZSBwWdfiG6iQfc4GytBp6fKRyPvXI
jM0eFQe+3xdMQCbqrp9zzXQ/cAuuL4kWON+2MVtIhg5TMgjEVk+e57fiIz5XrwRg
mtRXu/G9MCPpVgo/jFnJ1M9OBdJdHeiwcf3Lj9tuq/wDwlHXxmC3TGSsKfL6zbXH
1TNPohjJu9OGmyFe6sH1Fdi4wOsWN2GRlh64VTYNs84Am/Bcu0nvABEBAAGJASIE
GAECAAwFAjzaotgFGwwAAAAACgkQ8ZAa6wRUmEN2TAf+JvsICwwj855dd/A4nlKN
W3dmZGHCRI50cVxEJ+wRky0BFYbtCYQsclFmrmDbi8QrNP3c9J1GkAdyd9bmOTQy
rQ3+biYEQF8XW63WUTRz3aB4ORzExi7JH/tD9bOrnv+Qt3kl4ceo7aZuKrDU0+Jr
3S/xhV2K4VwPDLYbzsNUwsHbAqv2rQyBJISUCfZ9I64yPi2liO8Wm4q/upU6tTja
ZFm4lligmm1PTZalMjvbQzjFMI+9//e1m8Y0YTAVXDMDPELjXSpSx4i7YiW3OZPw
CpVVmdKSEa+W6LK5bKZMYlyo0hOScxSumvirbScdjmUjJCJ5Uxom7YVEqbqIjBOn
Rg==
=mj5e
-----END PGP PUBLIC KEY BLOCK-----
</pre>
  <h3>Governance</h3>
  <p>Individuals who have release authorization are expected to:</p>
  <ol>
    <li>Announce their current key on the mailing list</li>
    <li>Announce changes to the current key on the mailing list</li>
    <li>Publish their current key on this wiki page</li>
    <li>Publish their current key to a well-known keyserver</li>
    <li>Publish changes to the current key on this wiki page</li>
    <li>Store the key offline with passphrase protection</li>
  </ol>
  <p>Signing keys should be 3072-bit RSA and signatures should use SHA-256. Other
  algorithm choices, like Ed25519 or SHA-3, will likely cause interop problems for some
  folks on some platforms.</p>
  <p>Changes to the signing key should be retained on this page. That is, don't delete a
  former key if updating to a new key. Retain the old key for record keeping.</p>
  <p>The key should be stored offline with passphrase protection. For example, burned to
  a CD and then stored in a fire resistant lock box. The key should not be online, and
  should not be under control of a key manager to automatically unlock it.</p>
  <p>Related information can be found at <a href=
  "https://www.apache.org/dev/release-signing.html">Apache Release Signing</a> and
  <a href="https://www.cryptopp.com/wiki/Release_Signing">Release Signing</a> on the
  Crypto++ wiki.</p>
</body>
</html>
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.