SSH public key for signing GrapheneOS releases:
contact@grapheneos.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUg/m5CoP83b0rfSCzYSVA4cw4ir49io5GPoxbgxdJE
This key has been used for signing our Git tags since January 2023 and will also replace signify for factory image releases.
Official builds of GrapheneOS are signed with per-device signing keys for updates and verified boot. Those signatures are automatically verified.
The signatures for source releases (Git tags) and factory images are a separate thing and we're standardizing on using SSH for those.
We replaced GPG with signify for signing factory images in 2019, prior to SSH having file signing support. Signify is perfectly modern, unlike GPG, which is a poorly designed legacy technology. However, SSH signing is a lot more broadly available than signify and is a bit nicer.
Our SSH public key is signed with our previous GPG and SSH keys:
Key: https://grapheneos.org/allowed_signers
Signify signature: https://grapheneos.org/allowed_signers.sig
GPG signature: https://grapheneos.org/allowed_signers.asc
The GPG key has been fully retired for a while and the signify key will also be retired going forward.
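As an added example (not code from the GrapheneOS project), the following Python snippet works with the allowed_signers format shown above: it decodes the announced key's SSH wire format, computes the SHA256 fingerprint in the form ssh-keygen -lf prints, and checks that a downloaded allowed_signers file still carries exactly the announced key for the contact@grapheneos.org principal. The principal and key are the ones in this post; any tampered or option-carrying lines fed to it are constructed test input.

```python
import base64, hashlib, shlex, struct

# The key announced in this post, in allowed_signers format: principal, key type, base64 blob.
ANNOUNCED_KEY = ("contact@grapheneos.org ssh-ed25519 "
                 "AAAAC3NzaC1lZDI1NTE5AAAAIIUg/m5CoP83b0rfSCzYSVA4cw4ir49io5GPoxbgxdJE")

def _read_string(buf, off):
    """Read one SSH wire-format string: uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n

def decode_pubkey(key_type, b64):
    """Decode the base64 blob and check it is well-formed for the declared key type."""
    blob = base64.b64decode(b64, validate=True)
    wire_type, off = _read_string(blob, 0)
    raw, off = _read_string(blob, off)
    if wire_type.decode() != key_type or off != len(blob):
        raise ValueError("key blob does not match declared type or has trailing data")
    if key_type == "ssh-ed25519" and len(raw) != 32:
        raise ValueError("ssh-ed25519 public key must be 32 bytes")
    return blob

def fingerprint(blob):
    """SHA256 fingerprint in the form ssh-keygen -lf prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_allowed_signers(text):
    """Map each principal to (key type, blob); skips comments, tolerates quoted options."""
    signers = {}
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)
        if not fields:
            continue
        principals, rest = fields[0], fields[1:]
        if len(rest) < 2:
            raise ValueError("malformed allowed_signers line: " + line)
        if "=" in rest[0]:  # options such as namespaces="factory images" precede the key type
            rest = rest[1:]
        key_type, b64 = rest[0], rest[1]
        for p in principals.split(","):
            signers[p] = (key_type, decode_pubkey(key_type, b64))
    return signers

def pin_matches(downloaded_text, principal="contact@grapheneos.org"):
    """True when a downloaded allowed_signers file carries exactly the announced key."""
    want = parse_allowed_signers(ANNOUNCED_KEY)[principal]
    got = parse_allowed_signers(downloaded_text).get(principal)
    return got == want
```

Compare the printed fingerprint against the one you obtain out of band before passing the file to ssh-keygen -Y verify; a mismatch means the download, not the signature, is the problem.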
We've completed replacing the factory images signify signatures with OpenSSH signatures. It only impacts users following the traditional CLI install guide. It's a nice improvement since Windows and macOS have OpenSSH in the base install and nearly all Linux distributions package it.
Each supported OS for installation either has a Chromium-based browser in the base install (Android, ChromeOS, Windows) or a first party repository with one available, so the web install avoids this problem and relies on verified boot for verifying the flashed firmware and OS.