Anapaya Software Releases

To verify that the Anapaya software has not been tampered with from the time it is released until the operator installs it on a device, we cryptographically sign our software releases.

Below, we provide the public keys that can be used to verify the signatures and the signatures themselves.

Please refer to the Anapaya documentation for detailed instructions on how to install and update Anapaya software.

All signing keys and signatures in a single tarball

signatures.tar.gz

Signing keys

The JSON file below lists all the valid public keys and metadata (e.g. fingerprint and creation time) corresponding to the private keys that Anapaya uses to sign release versions.

keys.json

Signatures

The JSON files below list the signatures for each release version. The signatures are for the anapaya-scion and anapaya-system packages. Each JSON file contains the name and checksum of the package, as well as a list of package signatures along with the signature creation time and the public key that can be used to verify the package.

SCION packages

System packages