# release-keys

**Repository Path**: mirrors_nodejs/release-keys

## Basic Information

- **Project Name**: release-keys
- **Description**: Node.js release signing keys.
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: main
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2021-06-26
- **Last Updated**: 2026-01-17

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Node.js Release Keys

Primary GPG keys for Node.js Releasers (some Releasers sign with subkeys):

* **Antoine du Hamel** [`5BE8A3F6C8A5C01D106C0AD820B1A390B168D356`](./keys/5BE8A3F6C8A5C01D106C0AD820B1A390B168D356.asc)
* **Juan José Arboleda** [`DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7`](./keys/DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7.asc)
* **Marco Ippolito** [`CC68F5A3106FF448322E48ED27F5E38D5B0A215F`](./keys/CC68F5A3106FF448322E48ED27F5E38D5B0A215F.asc)
* **Michaël Zasso** [`8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600`](./keys/8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600.asc)
* **Rafael Gonzaga** [`890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4`](./keys/890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4.asc)
* **Richard Lau** [`C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C`](./keys/C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C.asc)
* **Ruy Adorno** [`108F52B48DB57BB0CC439B2997B01419BD92F80A`](./keys/108F52B48DB57BB0CC439B2997B01419BD92F80A.asc)
* **Ulises Gascón** [`A363A499291CBBC940DD62E41F10027AF002F8B0`](./keys/A363A499291CBBC940DD62E41F10027AF002F8B0.asc)

Other keys used to sign some previous releases:

* **Antoine du Hamel** [`C0D6248439F1D5604AAFFB4021D900FFDB233756`](./keys/C0D6248439F1D5604AAFFB4021D900FFDB233756.asc)
* **Beth Griggs** [`4ED778F539E3634C779C87C6D7062848A1AB005C`](./keys/4ED778F539E3634C779C87C6D7062848A1AB005C.asc)
* **Bryan English** [`141F07595B7B3FFE74309A937405533BE57C7D57`](./keys/141F07595B7B3FFE74309A937405533BE57C7D57.asc)
* **Chris Dickinson** [`9554F04D7259F04124DE6B476D5A82AC7E37093B`](./keys/9554F04D7259F04124DE6B476D5A82AC7E37093B.asc)
* **Colin Ihrig** [`94AE36675C464D64BAFA68DD7434390BDBE9B9C5`](./keys/94AE36675C464D64BAFA68DD7434390BDBE9B9C5.asc)
* **Danielle Adams** [`1C050899334244A8AF75E53792EF661D867B9DFA`](./keys/1C050899334244A8AF75E53792EF661D867B9DFA.asc) [`74F12602B6F1C4E913FAA37AD3A89613643B6201`](./keys/74F12602B6F1C4E913FAA37AD3A89613643B6201.asc)
* **Evan Lucas** [`B9AE9905FFD7803F25714661B63B535A4C206CA9`](./keys/B9AE9905FFD7803F25714661B63B535A4C206CA9.asc)
* **Gibson Fahnestock** [`77984A986EBC2AA786BC0F66B01FBB92821C587A`](./keys/77984A986EBC2AA786BC0F66B01FBB92821C587A.asc)
* **Isaac Z. Schlueter** [`93C7E9E91B49E432C2F75674B0A78B0A6C481CF6`](./keys/93C7E9E91B49E432C2F75674B0A78B0A6C481CF6.asc)
* **Italo A. Casas** [`56730D5401028683275BD23C23EFEFE93C4CFFFE`](./keys/56730D5401028683275BD23C23EFEFE93C4CFFFE.asc)
* **James M Snell** [`71DCFD284A79C3B38668286BC97EC7A07EDE3FC1`](./keys/71DCFD284A79C3B38668286BC97EC7A07EDE3FC1.asc)
* **Jeremiah Senkpiel** [`FD3A5288F042B6850C66B31F09FE44734EB7990E`](./keys/FD3A5288F042B6850C66B31F09FE44734EB7990E.asc)
* **Juan José Arboleda** [`61FC681DFB92A079F1685E77973F295594EC4689`](./keys/61FC681DFB92A079F1685E77973F295594EC4689.asc)
* **Julien Gilli** [`114F43EE0176B71C7BC219DD50A3051F888C628D`](./keys/114F43EE0176B71C7BC219DD50A3051F888C628D.asc)
* **Myles Borins** [`C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8`](./keys/C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8.asc)
* **Rod Vagg** [`DD8F2338BAE7501E3DD5AC78C273792F7D83545D`](./keys/DD8F2338BAE7501E3DD5AC78C273792F7D83545D.asc)
* **Ruben Bridgewater** [`A48C2BEE680E841632CD4E44F07496B3EB3C1762`](./keys/A48C2BEE680E841632CD4E44F07496B3EB3C1762.asc)
* **Shelley Vohr** [`B9E2F5981AA6E0CD28160D9FF13993A75599653C`](./keys/B9E2F5981AA6E0CD28160D9FF13993A75599653C.asc)
* **Timothy J Fontaine** [`7937DFD2AB06298B2293C3187D33FF9D0246406D`](./keys/7937DFD2AB06298B2293C3187D33FF9D0246406D.asc)

## Verifying Release Packages

This repo contains the raw release signing keys in three forms:

- The **keys/** directory contains the raw ASCII-armored release signing keys listed above.
- The **gpg/** directory contains a GPG keyring preloaded with these release signing keys.
- The **gpg-only-active-keys/** directory contains a GPG keyring preloaded with the active release signing keys. Use this if you only need to verify signatures of "future" releases.

For additional verification of both the keys' content *and* of the list of authorized signing keys, you may cross-reference the list with [nodejs.org](https://nodejs.org) and attempt to fetch keys from alternative sources (instead of or in addition to this repo).

### Using the preloaded GPG keyring

First, clone this repo:

```bash
git clone https://github.com/nodejs/release-keys.git
```

Then, prefix your `gpg` commands with the path to the cloned repo's **gpg/** directory. For example, if you cloned the repo to **/path/to/release-keys**, then the `gpg` command to verify a release package will look something like this:

```bash
GNUPGHOME=/path/to/release-keys/gpg gpg --verify SHASUMS256.txt.sig SHASUMS256.txt
```

### Using your own GPG keyring

First, clone this repo:

```bash
git clone https://github.com/nodejs/release-keys.git
```

Then, import the release signing keys from this repo into your GPG keychain by invoking the **cli.sh** script in this repo. For example, immediately after cloning the repo above, the following command will import all release signing keys:

```bash
release-keys/cli.sh import
```
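
Because some Releasers sign with subkeys, a script that compares the signing key's fingerprint with the list above can reject a legitimate release. The following added example (not part of the nodejs/release-keys repo) runs the preloaded-keyring check with GnuPG's machine-readable status output and compares the primary-key fingerprint instead; the function names and the sample status lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; function names and the sample data are illustrative assumptions.

# Print the PRIMARY-key fingerprint from `gpg --status-fd 1 --verify` output
# read on stdin. In a VALIDSIG line the first fingerprint is the key that made
# the signature (possibly a subkey); the last field is its primary key, which
# is what the README lists. Fails unless exactly one valid signature is seen.
signer_primary_fpr() {
  awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" && length($NF) == 40 { fpr = $NF; n++ }
       END { if (n == 1) print fpr; else exit 1 }'
}

# Succeed only if fingerprint $1 equals one of the remaining arguments.
fpr_is_listed() {
  fpr=$1; shift
  for allowed in "$@"; do
    [ "$fpr" = "$allowed" ] && return 0
  done
  return 1
}

# $1 = cloned release-keys repo, $2 = directory with SHASUMS256.txt(.sig),
# remaining arguments = primary fingerprints you accept (from the README,
# cross-checked against nodejs.org).
verify_shasums() {
  repo=$1; dir=$2; shift 2
  status=$(GNUPGHOME="$repo/gpg" gpg --status-fd 1 --verify \
    "$dir/SHASUMS256.txt.sig" "$dir/SHASUMS256.txt" 2>/dev/null) || return 1
  signer=$(printf '%s\n' "$status" | signer_primary_fpr) || return 1
  fpr_is_listed "$signer" "$@"
}

# Constructed status output (not from a real release): subkey SUB signs on
# behalf of primary key PRI. Both fingerprints are made-up placeholders.
SUB=FEDCBA9876543210FEDCBA9876543210FEDCBA98
PRI=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG FEDCBA9876543210 Example Releaser
[GNUPG:] VALIDSIG $SUB 2024-01-01 1704067200 0 4 0 1 10 00 $PRI"

# Demo on the constructed sample: prints the primary fingerprint (PRI), not SUB.
printf '%s\n' "$SAMPLE_STATUS" | signer_primary_fpr
```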