updated signature key

Signed-off-by: Ceki Gulcu <[email protected]>
qos-ch · Aug 9, 2022 · 2e71c6c · 2e71c6c
1 parent a7eb9bc
commit 2e71c6c
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -12,6 +12,30 @@ following email address:
 All logback project artifacts published on Maven central are signed. For each
 artifact, there is an associated signature file with the .asc suffix.
 
+The cryptographic key was updated 2022-08-08 to use a more modern
+Elliptic curve algorithm instead of RSA previously.
+
+### After 2022-08-08
+
+To verify the signature use [this public key](https://www.slf4j.org/public-keys/ceki-public-key.pgp). Here is its fingerprint:
+```
+pub   nistp521 2022-08-08 [SC]
+      60200AC4AE761F1614D6C46766D68DAA073BE985
+uid   Ceki Gulcu <[email protected]>
+sub   nistp521 2022-08-08 [E]
+```
+
+A copy of this key is stored on the
+[keys.openpgp.org](https://keys.openpgp.org) keyserver. To add it to
+your public key ring use the following command:
+
+```
+> FINGER_PRINT=60200AC4AE761F1614D6C46766D68DAA073BE985
+> gpg  --keyserver hkps://keys.openpgp.org --recv-keys $FINGER_PRINT
+```
+
+### Before 2022-08-08
+
 To verify the signature use [this public key](https://www.slf4j.org/public-keys/ceki-public-key.pgp). Here is its fingerprint:
 ```
 pub   2048R/A511E325 2012-04-26