Does GrapheneOS has an official PGP Key?

Jasper82

Does GrapehenOS has an offical PGP Key to sign very important messages?

If yes: where can I find it?

If no: why not?

Novalissoide

Jasper82
https://grapheneos.org/contact#contacting-the-project

Jasper82

The site says:
"Encryption can be performed via our age public key: age1dcftzgq00ykgwvxl5te6d5clqgx75h2g54c0u8gjc43mcnea7p7q3ma0yx."

Can this key also be used for signing?

Johnnyloans

Jasper82 Can this key also be used for signing?

No, this is for someone sending the GOS team files which could be a text file with a message.

https://github.com/FiloSottile/age

Jasper82

Johnnyloans No, this is for someone sending the GOS team files which could be a text file with a message.

https://github.com/FiloSottile/age

So this doesnt answer my questions?

AtavisticPuma

Jasper82
I think the implied answer would be "No, we agree with the goals of the age project, age encryption is better than pgp, and we would rather you use that to contact us"

AtavisticPuma

AtavisticPuma
https://moxie.org/2015/02/24/gpg-and-me.html

https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

02673853

AtavisticPuma https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

This doesn't seem like it can compete with the adaption and implementation of PGP/GPG.

For example: Is there any security dedicated device like a hardware wallet that can sign and verify SigStore or some other PGP/GPG competitor?

DohnJoe

02673853 For example: Is there any security dedicated device like a hardware wallet that can sign and verify SigStore or some other PGP/GPG competitor?

I am not sure if I understood correctly what you mean, but in the official SigStore's manual, under the Hardware Tokens Section, they specify that cosign supports hardware tokens for signing and key management.

Just after the explanation on how to do it, there is a list of tested devices, including:

YubiKey 5C
YuibiKey 5C Nano FIPS
YubiKey 4 Series