Primary GPG keys for Node.js Releasers (some Releasers sign with subkeys):
- Antoine du Hamel <[email protected]>
C0D6248439F1D5604AAFFB4021D900FFDB233756 - Beth Griggs <[email protected]>
4ED778F539E3634C779C87C6D7062848A1AB005C - Bryan English <[email protected]>
141F07595B7B3FFE74309A937405533BE57C7D57 - Colin Ihrig <[email protected]>
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 - Danielle Adams <[email protected]>
74F12602B6F1C4E913FAA37AD3A89613643B6201 - James M Snell <[email protected]>
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 - Michaël Zasso <[email protected]>
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 - Myles Borins <[email protected]>
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 - Rafael Gonzaga <[email protected]>
890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 - Richard Lau <[email protected]>
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C - Rod Vagg <[email protected]>
DD8F2338BAE7501E3DD5AC78C273792F7D83545D - Ruben Bridgewater <[email protected]>
A48C2BEE680E841632CD4E44F07496B3EB3C1762 - Ruy Adorno <[email protected]>
108F52B48DB57BB0CC439B2997B01419BD92F80A - Shelley Vohr <[email protected]>
B9E2F5981AA6E0CD28160D9FF13993A75599653C - Marco Ippolito <[email protected]>
CC68F5A3106FF448322E48ED27F5E38D5B0A215F
Other keys used to sign some previous releases:
- Danielle Adams <[email protected]>
1C050899334244A8AF75E53792EF661D867B9DFA - Chris Dickinson <[email protected]>
9554F04D7259F04124DE6B476D5A82AC7E37093B - Evan Lucas <[email protected]>
B9AE9905FFD7803F25714661B63B535A4C206CA9 - Gibson Fahnestock <[email protected]>
77984A986EBC2AA786BC0F66B01FBB92821C587A - Isaac Z. Schlueter <[email protected]>
93C7E9E91B49E432C2F75674B0A78B0A6C481CF6 - Italo A. Casas <[email protected]>
56730D5401028683275BD23C23EFEFE93C4CFFFE - Jeremiah Senkpiel <[email protected]>
FD3A5288F042B6850C66B31F09FE44734EB7990E - Julien Gilli <[email protected]>
114F43EE0176B71C7BC219DD50A3051F888C628D - Timothy J Fontaine <[email protected]>
7937DFD2AB06298B2293C3187D33FF9D0246406D - Juan José Arboleda <[email protected]>
61FC681DFB92A079F1685E77973F295594EC4689
This repo contains the raw release signing keys in two forms:
-
The keys/ directory contains the raw ASCII-armored release signing keys listed above.
-
The gpg/ directory contains a GPG keyring preloaded with these release signing keys.
For additional verification of both the keys' content and of the list of authorized signing keys, you may cross-reference the list with nodejs.org and attempt to fetch keys from alternative sources (instead of or in addition to this repo).
First, clone this repo:
git clone https://github.com/nodejs/release-keys.gitThen, prefix your gpg commands with the path to the cloned repo's gpg/ directory.
For example, if you cloned the repo to /path/to/nodejs-keys, then the gpg command
to verify a release package will look something like this:
GNUPGHOME=/path/to/release-keys/gpg gpg --verify SHASUMS256.txt.sig SHASUMS256.txtFirst, clone this repo:
git clone https://github.com/nodejs/release-keys.gitThen, import the release signing keys from this repo into your GPG keychain by invoking the cli.sh script in this repo. For example, immediately after cloning the repo above, the following command will import all release signing keys:
release-keys/cli.sh import