September 20, 2013

Ubuntu/Debian APT repository GPG key update


Hello Debian friends!

The GPG key for our Ubuntu/Debian APT repository expires today. We’ve created a new key that you can get here: https://spideroak.com/dist/spideroak-apt-2013.asc. We will have new builds shortly that include the new key.

The new key looks like this:

pub   1024D/08C15DD0 2013-09-20 [expires: 2016-09-19]
      Key fingerprint = FE45 E533 0B11 DCF0 3247  EF49 A6FF 22FF 08C1 5DD0
uid                  SpiderOak Apt Repository 

UPDATE: New .deb packages are available on the Download Page. This will automatically update your apt keys and ensure you continue to get updates.

Advanced users can install the new key with this command:

curl https://spideroak.com/dist/spideroak-apt-2013.asc | sudo apt-key add -

After installing the new key, update your package manager and you’ll be able to upgrade to future versions of SpiderOak without issue.
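
The script below is an added example, not SpiderOak's own code: it checks the downloaded key file against the fingerprint published above and only then passes it to apt-key. The function names are hypothetical, and it assumes a GnuPG 2.x release that supports the show-only import option.

```shell
#!/bin/sh
# Added example, not SpiderOak's script. URL and fingerprint come from the post;
# function names are hypothetical.
KEY_URL="https://spideroak.com/dist/spideroak-apt-2013.asc"
EXPECTED_FPR="FE45 E533 0B11 DCF0 3247  EF49 A6FF 22FF 08C1 5DD0"

# Strip whitespace and upper-case hex so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin. Print the primary key fingerprint
# (field 10 of the first "fpr" record) only if the listing holds exactly one
# "pub" record, so a file bundling extra keys is rejected.
sole_primary_fpr() {
    awk -F: '$1 == "pub" { n++ }
             $1 == "fpr" && !seen { fpr = $10; seen = 1 }
             END { if (n == 1) print fpr }'
}

# Succeed only if the listing on stdin matches the expected fingerprint ($1).
listing_matches() {
    got=$(sole_primary_fpr)
    [ -n "$got" ] && [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$1")" ]
}

install_verified_key() {
    tmp=$(mktemp) || return 1
    curl -fsSL "$KEY_URL" -o "$tmp" || { rm -f "$tmp"; return 1; }
    # show-only parses the file without adding anything to a keyring
    # (assumes a GnuPG 2.x release that supports this import option).
    if gpg --batch --with-colons --import-options show-only --import "$tmp" \
            | listing_matches "$EXPECTED_FPR"; then
        sudo apt-key add "$tmp"; rc=$?
    else
        echo "fingerprint mismatch: key NOT installed" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Run the download-and-install step only when asked: sh verify-key.sh install
if [ "${1:-}" = "install" ]; then install_verified_key; fi
```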

Comments
  1. Thank you for the upgrade. Nevertheless, I think you should have created a much stronger key of 2048 bits at least instead of continuing to use a brute-force vulnerable Diffie-Hellman key of just 1024 bits.

    • apt.spideroak.com doesn’t use https. APT uses a PGP-based verification system so HTTPS isn’t needed to verify integrity.

      • Yeah but it still gives an invalid cert error when browsing through a web page. It used to work, despite it not really being a front-facing webpage and just an index.