Last active
March 5, 2016 18:06
-
-
Save mtigas/0d49b42fab6f9d2f7e69 to your computer and use it in GitHub Desktop.
Some PGP-signed verification for various ProPublica TLS & Tor hidden service identities.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN PGP SIGNED MESSAGE----- | |
| Hash: SHA512 | |
| The following are the SSL certificate fingerprints for the | |
| propublica.org servers as of 2015-03-10. | |
| Common Name: www.propublica.org | |
| notBefore=Jul 7 00:00:00 2014 GMT | |
| notAfter=Jul 7 23:59:59 2015 GMT | |
| MD5 Fingerprint=83:E3:9D:2C:28:34:8D:9E:65:79:90:22:E8:71:3C:6F | |
| SHA1 Fingerprint=90:82:5A:80:DE:4C:64:67:DA:F5:11:73:39:AF:79:CE:0E:E8:E5:59 | |
| SHA256 Fingerprint=B2:4B:1E:C2:59:E8:DF:72:62:A0:74:D0:26:02:29:43:4C:14:46:1A:78:02:6D:A3:AE:34:B3:FF:54:F1:7F:A0 | |
| Common Name: projects.propublica.org | |
| notBefore=Nov 18 00:00:00 2014 GMT | |
| notAfter=Nov 23 12:00:00 2015 GMT | |
| MD5 Fingerprint=BD:39:56:49:09:E7:A0:E1:15:90:79:56:37:6C:6E:A8 | |
| SHA1 Fingerprint=3C:2A:32:B2:BA:2C:88:FC:84:32:A1:25:98:6A:DB:C4:8C:43:81:FC | |
| SHA256 Fingerprint=83:10:33:D5:CE:12:38:7B:1C:32:D2:C9:B2:A3:5D:BE:2C:06:EA:82:87:1E:CD:AA:E3:1D:09:32:AB:13:26:CC | |
| Common Name: static.propublica.org | |
| notBefore=Oct 31 00:00:00 2014 GMT | |
| notAfter=Oct 31 23:59:59 2015 GMT | |
| MD5 Fingerprint=46:B8:1B:6C:3A:D6:CD:73:29:4E:8B:47:29:97:39:E9 | |
| SHA1 Fingerprint=24:89:7B:4D:57:5A:04:09:E7:9D:05:48:74:4A:39:ED:4C:5E:27:82 | |
| SHA256 Fingerprint=7E:CB:B6:53:C8:2E:95:40:DC:4B:6E:6B:AC:CD:21:10:AE:8F:0C:0D:BF:8B:18:AD:60:0F:D6:0F:4C:9B:5E:9D | |
| Common Name: securedrop.propublica.org | |
| notBefore=Jan 19 22:35:09 2014 GMT | |
| notAfter=Jan 22 11:56:54 2017 GMT | |
| MD5 Fingerprint=E5:3D:80:2D:A0:70:68:36:B9:C6:03:EB:DA:A4:C6:CC | |
| SHA1 Fingerprint=33:03:99:09:7E:D3:83:E4:AC:48:54:E4:89:19:2D:47:68:61:7A:B5 | |
| SHA256 Fingerprint=47:F2:2F:33:83:62:FE:02:10:61:69:73:3D:78:77:AB:35:1B:F5:96:2C:08:A4:EF:C2:5F:5A:26:1F:F5:19:95 | |
| Common Name: propub3r6espa33w.onion (www.propublica.org hidden service mirror - self-signed SSL) | |
| notBefore=Dec 3 20:33:38 2014 GMT | |
| notAfter=Dec 3 20:33:38 2015 GMT | |
| MD5 Fingerprint=43:03:6C:B4:63:83:27:7A:83:61:16:46:08:71:E9:09 | |
| SHA1 Fingerprint=BE:7F:C0:DE:73:64:23:E0:7B:D5:04:47:59:B3:7E:27:F0:52:E0:5B | |
| SHA256 Fingerprint=CD:74:43:31:C5:5A:0F:33:A7:F7:E0:1F:54:60:9A:AB:07:2F:95:8D:6A:9A:F8:07:93:6F:4D:23:52:B1:F3:0F | |
| Common Name: pubapp7v22ykdou3.onion (projects.propublica.org hidden service mirror - self-signed SSL) | |
| notBefore=Dec 3 20:34:31 2014 GMT | |
| notAfter=Dec 3 20:34:31 2015 GMT | |
| MD5 Fingerprint=78:8B:F1:BB:4D:53:7B:35:5A:B5:DD:7F:62:29:3A:9D | |
| SHA1 Fingerprint=B9:FB:C6:42:58:0F:E6:D4:17:ED:C4:C6:8C:FC:A8:71:6A:68:35:92 | |
| SHA256 Fingerprint=AD:90:21:82:D2:41:DB:56:EA:27:66:78:F8:9E:3C:05:49:65:06:17:C6:8F:5B:26:72:DA:5C:DB:A7:89:94:7D | |
| Common Name: ppasset42kropoy6.onion (static.propublica.org hidden service mirror - self-signed SSL) | |
| notBefore=Dec 3 20:21:40 2014 GMT | |
| notAfter=Dec 3 20:21:40 2015 GMT | |
| MD5 Fingerprint=A3:5B:22:74:72:A7:89:B0:E7:EC:92:DC:1F:0B:0D:E9 | |
| SHA1 Fingerprint=E7:C9:AF:C7:79:3D:5F:A9:06:A5:95:20:E1:AE:87:B7:25:C4:AA:DE | |
| SHA256 Fingerprint=05:77:35:B1:ED:5C:15:5F:4D:EB:AF:E1:99:6A:E0:32:EE:D0:80:9F:32:8C:FC:AA:F4:9E:04:57:06:CA:DF:27 | |
| ============================== | |
| This message can be verified via the following PGP key, which can be | |
| corroborated on my ProPublica staff profile and other following links: | |
| pub 8192R/0xA993E7156E0E9923 2013-07-19 [expires: 2016-01-02] | |
| Key fingerprint = 4034 E60A A782 7C5D F21A 89AA A993 E715 6E0E 9923 | |
| uid [ultimate] Mike Tigas <[email protected]> | |
| uid [ultimate] Mike Tigas <[email protected]> | |
| sub 8192R/0xECB867297E745064 2013-12-24 [expires: 2016-01-02] | |
| sub 8192R/0xB09CCE88E55F7656 2013-07-19 [expires: 2016-01-02] | |
| https://s3.amazonaws.com/propublica/assets/pgp/mike_tigas-4034E60AA7827C5DF21A89AAA993E7156E0E9923.txt | |
| https://mike.tig.as/pubkey_6E0E9923.txt | |
| http://p80.pool.sks-keyservers.net/pks/lookup?op=get&search=0x4034E60AA7827C5DF21A89AAA993E7156E0E9923 | |
| https://www.propublica.org/site/author/mike_tigas | |
| https://mike.tig.as/ | |
| https://twitter.com/mtigas | |
| https://keybase.io/mtigas | |
| -----BEGIN PGP SIGNATURE----- | |
| iQQcBAEBCgAGBQJU/19xAAoJEOy4Zyl+dFBk9Jsf/ii9bj/2vFlLGbdktUj7ckZJ | |
| 6ypVyA1e3rrIAGxxWOgiTmAO0GNvh1a1JkoCBg20kLVk/FlV73GAGcSgw3g1gL8K | |
| iRZiIdw0/+//00L7gN+KAYlDLzjuQHPiHgbF3yIBKZUlqzgHDfE7Ul3G8al31I+v | |
| Lg2KbJgoY1xnvFFVUSiAMF+ToIhC0Np86+uR/g6nU76FNv2RX7YmHkN6KhUxmJAE | |
| dV2d8BGcrs6hvkVq23JlR+pSDdobqdSoZ3hjxLRNzbaWd74YQwAj4LNYYXJfJ4X5 | |
| XuVE0hdPOv5W/Bil9xu2h1g9vN4VccOoRrhsyEvVdDgaEfj8MsgHXKEEwyiLWOp7 | |
| r6xRWEQXt2IJHgSwxVfpOHGPE5IFgXWK3GwcJzKWBIRgFkmhWH8UE5XsNxwFUG17 | |
| KUER5GOQxe5vjMKe1hkjaHWulU97NlyRPaYuVJ3L0D5R7X+jgT/H6ytEHxkUAgc4 | |
| qkjpQZjfleH1NSOoLQCTJrg0H1s8y7EXc/5duo9dNH/WPTeiYmo+qlZ2iSKRByF4 | |
| +eCSMCEsQ3Dc4ZIg6E3VmzH0AKdKvn2U7iJvxsz3fxKhOcaQ8oc+yPdB6X3IOH6K | |
| thR4SHiKiFRH2fwLGX6KYuPqFFskCNDi296cbQbvk28jUtz21kCdL0r73uFMHrdb | |
| Fy5EVvctrqGtZmFcPm0NlS1vPofOynddcEaT57HPhWOVpFPgZlJ6Bx+2APEOuc7o | |
| EEOHsz+nNWpxtGHN6/K1Ulpx1W4PCP/FPH8/fGoOVgFP1+Pb5qEw9X1ApK0U9+zj | |
| sPZJNE6TCJTg5A4MZb8LT6BwU8zmJcISr8PUZhAHRrM8doxxIAEUoXt/vDBb6Ord | |
| BspV7MpBo9DYAYglPuz+ilyyl+oC29lyCr5UzeAm+74nAdddqyqd13m4Ge52WwDr | |
| pRKF+MXxBR+GnME1U/f5hyv+8OJB7GIQJUR6UOTJXe3XKaCAyaXDpTfJBEYVxG89 | |
| wJP8Fbk68UYKNIoWxlTetVtFdbEhGONRGBwP5sMGwtTRJepQG4wEoBr2Y6Zf/5ut | |
| dDaAR2yml2a3aJTKjRQTTL+S8e5oSCaEGh0i5SW8vfn4GsEog42tw3iQIkQdD579 | |
| sZLAEtkwk6RFVxe2w8AF9769WUBcsAY82wO3+SYiJBEhacTF/gjylBsUe3ErPulu | |
| irqhGTpBtAm/eCz8u7DOJslbLDh7dy3MthhLKXEyRczDUKbN/BfDCBdKxdqKPRzl | |
| qwdUNvO0IWj5WYdtE05wClsCIEqxTjJGsDUJRXRv1hYAqREu7PBRS6KHMutb3LlU | |
| jLKKtOWqhEFeQTvcLOn+Cy7B5p85U9ZWvZuzeVc0qh5BBYcLq+E4NccCxLyvkl8= | |
| =boXg | |
| -----END PGP SIGNATURE----- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN PGP SIGNED MESSAGE----- | |
| Hash: SHA512 | |
| As of December 3, 2014, these three `*.propublica.org` domains | |
| are mirrored by the following corresponding Tor hidden services: | |
| www.propublica.org | propub3r6espa33w.onion | |
| projects.propublica.org | pubapp7v22ykdou3.onion | |
| static.propublica.org | ppasset42kropoy6.onion | |
| And our SecureDrop instance (info: https://securedrop.propublica.org/ | |
| and https://freedom.press/securedrop ) is located at: | |
| pubdrop4dw6rk3aq.onion | |
| This message can be verified via the following PGP key, which can be | |
| corroborated on my ProPublica staff profile and other following links: | |
| pub 8192R/0xA993E7156E0E9923 2013-07-19 [expires: 2016-01-02] | |
| Key fingerprint = 4034 E60A A782 7C5D F21A 89AA A993 E715 6E0E 9923 | |
| uid [ultimate] Mike Tigas <[email protected]> | |
| uid [ultimate] Mike Tigas <[email protected]> | |
| sub 8192R/0xECB867297E745064 2013-12-24 [expires: 2016-01-02] | |
| sub 8192R/0xB09CCE88E55F7656 2013-07-19 [expires: 2016-01-02] | |
| https://s3.amazonaws.com/propublica/assets/pgp/mike_tigas-4034E60AA7827C5DF21A89AAA993E7156E0E9923.txt | |
| https://mike.tig.as/pubkey_6E0E9923.txt | |
| http://p80.pool.sks-keyservers.net/pks/lookup?op=get&search=0x4034E60AA7827C5DF21A89AAA993E7156E0E9923 | |
| https://www.propublica.org/site/author/mike_tigas | |
| https://mike.tig.as/ | |
| https://twitter.com/mtigas | |
| https://keybase.io/mtigas | |
| -----BEGIN PGP SIGNATURE----- | |
| iQQcBAEBCgAGBQJU/1+5AAoJEOy4Zyl+dFBkIf0f/1EPNdvomhG+HZ/PAkayNIWg | |
| vyYmGIrLNYohDaowkDE95sdG/9zlAfdq7R7BL1q998uhgkciEwpVbLUSII/is4n7 | |
| Mfr1HQFfqxqfH/T+VJVVe99pUQfEKgc0XwWGUgNdlNjEwf2/CBQquYRS5eKF7qN6 | |
| J0vb/qXzSbITDoBzgdM4SRGLHFe2Op5PM72AACRQLDVHnQEaSi1vxzPTZ9Quk7Iq | |
| 2KBHL0DMQPrEj5EPLh69CJq5ApEqS7UqW8pPpLxvqFEBnurQeRBM17Zlas4evLLm | |
| +yDTAcxEYhrwAzzEoxLTEDJfyqjw/V6olh7+9KPLkho5TonopbKkfgivIoEwc7zo | |
| 7nFwdlqumBXCNztUCx2iMGQG1k13lAOZoaet0nHV+NcEjpWYWoEh2KyewzLnh5jU | |
| /Qf0DrnfmycIqkTdcR4+Yims5s/FEo/tq7XebR9CGOFf5ycjCtEL3/NzfI5Jt8Wp | |
| 5LDOlRzCT3auvsXTPTEKRbVunw2fJpIgmVXkN3/j++H8IxZMbmS6q/BZbuzeyX4I | |
| Ny1/fqsP1znJz8ERX40lrcbTjmte7TjnG8GNvDo5in8ssx6ljwNITwMmu9EUSw0I | |
| 9jrAHgPNF223pfX9wQaXtcXLqM+mnG4ZwMVMJjnwDUOrlzAAmPprtcXNnvHgU0io | |
| Mbv3wRGFBwMAr9g/mtu4LC8G7LSYkM9MzIl6c0qgrdKeR/RcmhNJa4BqCDCXbUb0 | |
| 1RuvosNfkdQNxFR+w3jqrXEEhN1ekE3AlkzN5VsEPTuFUOLm+FDN1Ctake4vwgee | |
| J/xE3jIowaC9tN2IsDg8m7FF7alPqI3yccgbZjfH9J+Rwxn1brrwStN6NcRn/HXh | |
| Z+uokX8G+FrKHz3NOn+/RAIiQXSbP6rrXMYzF3cSA+/6xPWVrMumBQUgWaSRVWlO | |
| kjPy4AIXhCQbAQFSKRkDOFlgP+D7BwJfh+z1LbilFIvheYXNgDutHZBIjzpHe5dv | |
| pJUTWisQehwPImgxqb10bMFO41ID7a/tEFzxCux/+RIQatukVm5eoRdRnIPZHPk8 | |
| WjEDCZVUNi5d7kTOJp5bWvFCK7ex1Z0o5sdMbpyBPu5PNeo8HTNVlX/Ba6lljouT | |
| Jb9szG2gqyn9NRtQcZWoYWnoPmzz7Cdl3lrVWShbKBHZVgO3y2TXrK7uzHhoeDtJ | |
| D+Pzjef/9jFu2n6nJv4yEugk7gjKImXoVPv0tA2NpFfum+u5XheD+gmi/uGm1eh3 | |
| hEIAUEUVT+Fb7bPR7WOd78Cm7WKU/Y69I4VX3VCHeP/S8HJxpvJj3bJeTMxainxH | |
| yG7Qnej2SDbPHtBcioTwd7NNUVt/f7bZ3sSBloH7cSXlRBbS9SonrV8r19lFUJ8= | |
| =n2JK | |
| -----END PGP SIGNATURE----- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export PATH=`brew --prefix curl`/bin:`brew --prefix openssl`/bin:`brew --prefix gnupg2`/bin:$PATH | |
| /usr/local/opt/curl/bin/curl -k -Lo /tmp/ca-bundle.crt https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt | |
| tee /tmp/certs.txt << EOF1 | |
| The following are the SSL certificate fingerprints for the | |
| propublica.org servers as of `date +"%Y-%m-%d"`. | |
| EOF1 | |
| SITES="www.propublica.org projects.propublica.org static.propublica.org securedrop.propublica.org" | |
| for SITE in ${SITES}; do | |
| echo -n | openssl s_client -connect ${SITE}:443 -servername ${SITE} -CAfile /tmp/ca-bundle.crt | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/${SITE}.pem | |
| echo "Common Name: ${SITE}" >> /tmp/certs.txt | |
| openssl x509 -noout -in /tmp/${SITE}.pem -dates >> /tmp/certs.txt | |
| openssl x509 -noout -in /tmp/${SITE}.pem -fingerprint -md5 >> /tmp/certs.txt | |
| openssl x509 -noout -in /tmp/${SITE}.pem -fingerprint -sha1 >> /tmp/certs.txt | |
| openssl x509 -noout -in /tmp/${SITE}.pem -fingerprint -sha256 >> /tmp/certs.txt | |
| echo "" >> /tmp/certs.txt | |
| done | |
| SITE="propub3r6espa33w.onion" | |
| echo "Common Name: ${SITE} (www.propublica.org hidden service mirror - self-signed SSL)" >> /tmp/certs.txt | |
| openssl x509 -noout -in /foo/bar/nginx/${SITE}.pem -dates >> /tmp/certs.txt | |
| openssl x509 -noout -in /foo/bar/nginx/${SITE}.pem -fingerprint -md5 >> /tmp/certs.txt | |
| openssl x509 -noout -in /foo/bar/nginx/${SITE}.pem -fingerprint -sha1 >> /tmp/certs.txt | |
| openssl x509 -noout -in /foo/bar/nginx/${SITE}.pem -fingerprint -sha256 >> /tmp/certs.txt | |
| echo "" >> /tmp/certs.txt | |
| SITE="pubapp7v22ykdou3.onion" | |
| echo "Common Name: ${SITE} (projects.propublica.org hidden service mirror - self-signed SSL)" >> /tmp/certs.txt | |
| openssl x509 -noout -in /foo/bar/nginx/${SITE}.pem -dates >> /tmp/certs.txt | |
| openssl x509 -noout -in /foo/bar/nginx/${SITE}.pem -fingerprint -md5 >> /tmp/certs.txt | |
| openssl x509 -noout -in /foo/bar/nginx/${SITE}.pem -fingerprint -sha1 >> /tmp/certs.txt | |
| openssl x509 -noout -in /foo/bar/nginx/${SITE}.pem -fingerprint -sha256 >> /tmp/certs.txt | |
| echo "" >> /tmp/certs.txt | |
| SITE="ppasset42kropoy6.onion" | |
| echo "Common Name: ${SITE} (static.propublica.org hidden service mirror - self-signed SSL)" >> /tmp/certs.txt | |
| openssl x509 -noout -in /foo/bar/nginx/${SITE}.pem -dates >> /tmp/certs.txt | |
| openssl x509 -noout -in /foo/bar/nginx/${SITE}.pem -fingerprint -md5 >> /tmp/certs.txt | |
| openssl x509 -noout -in /foo/bar/nginx/${SITE}.pem -fingerprint -sha1 >> /tmp/certs.txt | |
| openssl x509 -noout -in /foo/bar/nginx/${SITE}.pem -fingerprint -sha256 >> /tmp/certs.txt | |
| echo "" >> /tmp/certs.txt | |
| tee -a /tmp/certs.txt << EOF1 | |
| ============================== | |
| This message can be verified via the following PGP key, which can be | |
| corroborated on my ProPublica staff profile and other following links: | |
| pub 8192R/0xA993E7156E0E9923 2013-07-19 [expires: 2016-01-02] | |
| Key fingerprint = 4034 E60A A782 7C5D F21A 89AA A993 E715 6E0E 9923 | |
| uid [ultimate] Mike Tigas <[email protected]> | |
| uid [ultimate] Mike Tigas <[email protected]> | |
| sub 8192R/0xECB867297E745064 2013-12-24 [expires: 2016-01-02] | |
| sub 8192R/0xB09CCE88E55F7656 2013-07-19 [expires: 2016-01-02] | |
| https://s3.amazonaws.com/propublica/assets/pgp/mike_tigas-4034E60AA7827C5DF21A89AAA993E7156E0E9923.txt | |
| https://mike.tig.as/pubkey_6E0E9923.txt | |
| http://p80.pool.sks-keyservers.net/pks/lookup?op=get&search=0x4034E60AA7827C5DF21A89AAA993E7156E0E9923 | |
| https://www.propublica.org/site/author/mike_tigas | |
| https://mike.tig.as/ | |
| https://twitter.com/mtigas | |
| https://keybase.io/mtigas | |
| EOF1 | |
| gpg --clearsign -u 0x4034E60AA7827C5DF21A89AAA993E7156E0E9923 /tmp/certs.txt | |
| cat /tmp/certs.txt.asc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment