F.1 Public keys

We maintain multiple keys, stored with different levels of security due to being used in different ways. See section F.2 below for details.

The keys we provide are:

Snapshot Key

Used to sign routine development builds of PuTTY: nightly snapshots, pre-releases, and sometimes also custom diagnostic builds we send to particular users.

Release Key

Used to sign manually released versions of PuTTY.

Secure Contact Key

An encryption-capable key suitable for people to send confidential messages to the PuTTY team, e.g. reports of vulnerabilities.

Master Key

Used to tie all the above keys into the GPG web of trust. The Master Key signs all the other keys, and other GPG users have signed it in turn.

The current issue of those keys are available for download from the PuTTY website, and are also available on PGP keyservers using the key IDs listed below.

Master Key (2023)

RSA, 4096-bit. Key ID: B15D9EFC216B06A1. Fingerprint: 28D4 7C46 55E7 65A6 D827 AC66 B15D 9EFC 216B 06A1

Release Key (2023)

RSA, 3072-bit. Key ID: 1993D21BCAD1AA77. Fingerprint: F412 BA3A A30F DC0E 77B4 E387 1993 D21B CAD1 AA77

Snapshot Key (2023)

RSA, 3072-bit. Key ID: 10625E553F53FAAD. Fingerprint: 74CC 6DD9 ABA7 31D4 C5A0 C2D0 1062 5E55 3F53 FAAD

Secure Contact Key (2023)

RSA, 3072-bit. Key ID: 1559F6A8929F5EFC. Fingerprint: 01F5 A2B1 1388 D64B 707F 897F 1559 F6A8 929F 5EFC