Notable Public Keys book update (Electrum, Tails, Veracrypt)

Created by Steven Baltakatei Sandoval on 2022-03-12T12:52Z under a CC BY-SA 4.0 license and last updated on 2022-03-12T13:18Z.

I added three sections to the Notable Public Keys book (PDF, GitLab):

New Sections

Tails

I added a few of the Tails keys and did some research about the origin of Tails. I didn't know that its name (i.e. "The (Amnesic) Incognito Live System") was a hint at the fact that there used to be two projects that merged together. One was called "Incognito" (a privacy-focused operating system based on Gentoo) and the other was "Amnesia" (also a privacy-focused operating system based on Debian). See the PDF for links and notes.

There are many more Tails keys covering various subgroups of Tails development operations (PR, financial, etc.). I've elected to only link to the page containing these fingerprints and to focus on the fingerprints necessary for verifying downloadable installation .iso images (funnily enough, their mailing list key used to also be an image signing key very early on, so I include it).

Veracrypt

This is software I had learned about from Steve Gibson's Security Now podcast. I've used it occasionally over the years; it was one of my first entries in my OpenPGP fingerprint notes that later became the Notable Public Keys book. I guess the reason I haven't added it to the book until today was because I was still using my unpublished notes as a source of fingerprints. It's time to share what I know!

Electrum

Years ago, I uploaded a YouTube video about how to verify the Electrum installer for Windows 10. It's probably now out-of-date but the verification procedure still relies on using Thomas Voegtlin's fingerprint. Lately the Electrum.org download page has linked to two other public keys; one seems to be an ElectrumX developer.

The cost of failure for not checking signatures of this software grows each year as Bitcoin does what it does best: persist. It's my hope that this chapter of the book can help prevent people from losing money, if only by providing a persistent reference through time about which fingerprint to trust.

Updates

I made various updates to the <index> tags so that the Index section can be more organized when TeXmacs generates it. This work actually probably took about as long as researching the histories of Tails and Veracrypt combined but involved many more keypresses due to needing to check each existing chapter's tags.

Future Sections

The next chapters I plan to write are below in descending order of priority.

  • GnuPG. Software often used to perform OpenPGP operations.
  • F-Droid. An alternative to the Google Play store.
  • LibreOffice. An alternative to Microsoft Office.
  • Red Hat. A popular commercial GNU/Linux operating system / service company I don't have much experience with but which uses OpenPGP signatures to sign software.