PGP/GPG Signing Key Change Notice for

July 21st, 2015 @ 19:19 Ubuntu Packages

As part of a periodic key rollover, the PGP signing key for has been changed. To continue using for APT packages, you must:

  1. Be running the latest version of gnupg2 (2.1.6+)
  2. Import our updated signing key into apt.

As a part of improving the security of signed packages, this key has been signed by my personal ECC signing key, which older versions of gnupg won't be able to import. To bring gnupg up to date, I have built and provide gnupg 2.1.6 packages for both Ubuntu precise and trusty which can be downloaded and installed by running the following command:


```
curl | sudo sh
```
[1] [2]

The full contents of this script can be viewed online at:

After installing you can verify that gnupg 2.1.6 is installed by running the following command:

```
gpg --version

gpg (GnuPG) 2.1.6
libgcrypt 1.6.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
```

Our new signing key can be downloaded at the following location.

The key is an RSA 4096 [3] bit key, and has the following fingerprint.

359F 463E 811B CB6C 5DCE 8183 C3D8 41D5 7C80 A3E0
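One way to check a downloaded key against the fingerprint above before importing it into apt. This is an added example, not part of the original notice; the file name `new-key.asc`, the function names and the sample listing are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: confirm a key file's fingerprint before giving it to apt.
EXPECTED_FPR='359F 463E 811B CB6C 5DCE 8183 C3D8 41D5 7C80 A3E0'  # from this notice

# Constructed sample of `gpg --with-colons` output (not real key material
# apart from the fingerprint quoted above).
SAMPLE_LISTING='pub:-:4096:1:C3D841D57C80A3E0:1437505140:::-:::scESC:
fpr:::::::::359F463E811BCB6C5DCE8183C3D841D57C80A3E0:
uid:-::::1437505140::::Constructed Example <packages@example.invalid>:
sub:-:4096:1:1111111111111111:1437505140::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:'

# Drop whitespace and upper-case hex so spaced and compact forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read colon-format output on stdin and print the primary key fingerprint.
# Fails unless there is exactly one primary key: a file carrying extra keys
# would add all of them to the trusted keyring on import.
primary_fpr() {
    awk -F: '
        $1 == "pub" { pubs++; want = 1; next }
        $1 == "fpr" && want { if (pubs == 1) fpr = $10; want = 0 }
        END { if (pubs != 1 || fpr == "") exit 1; print fpr }'
}

# Succeed only if the listing on stdin has one primary key matching $1.
listing_matches() {
    actual=$(primary_fpr) || return 1
    [ "$(normalize_fpr "$actual")" = "$(normalize_fpr "$1")" ]
}

# List a key file without importing it and compare against EXPECTED_FPR.
# Newer GnuPG releases can use `gpg --show-keys --with-colons FILE` instead.
check_key_file() {
    gpg --with-colons --with-fingerprint "$1" 2>/dev/null |
        listing_matches "$EXPECTED_FPR"
}

# Demo on the constructed sample; with a real file: check_key_file new-key.asc
if printf '%s\n' "$SAMPLE_LISTING" | listing_matches "$EXPECTED_FPR"; then
    echo "fingerprint matches"
else
    echo "fingerprint MISMATCH, do not import" >&2
fi
```

The subkey's `fpr` record is deliberately ignored: only the primary key fingerprint is the one published in the notice.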

[1] This script is provided as a convenience to you to install gnupg 2.1.6, and will be delivered over a secure TLSv1.2 connection. Always verify the authenticity of scripts that you run online before piping them through your shell.

[2] All packages downloaded from this script will be downloaded over a TLSv1.2 connection. This script will also import the latest signing key into apt-key for you.

[3] This key was signed by my personal NIST521 key, the details of which may be obtained from my blog to verify the authenticity of this signing key.