Add a file with fingerprints that have recently been used to sign

OpenSSL distributions, or are about to.  This has been requested a
little now and then by users, for years :-/...

1 files changed, 28 insertions, 0 deletions

diff --git a/doc/fingerprints.txt b/doc/fingerprints.txt
new file mode 100644
index 0000000000..c350d381eb
--- /dev/null
+++ b/doc/fingerprints.txt
@@ -0,0 +1,28 @@
+                              Fingerprints
+
+OpenSSL releases are signed with PGP/GnuPG keys.  You can find the
+signatures in separate files in the same location you find the
+distributions themselves.  The normal file name is the same as the
+distribution file, with '.asc' added.  For example, the signature for
+the distribution of OpenSSL 0.9.7f, openssl-0.9.7f.tar.gz, is found in
+the file openssl-0.9.7f.tar.gz.asc.
+
+The following is the list of fingerprints for the keys that are
+currently in use (have been used since summer 2004) to sign OpenSSL
+distributions:
+
+pub   1024D/F709453B 2003-10-20
+      Key fingerprint = C4CA B749 C34F 7F4C C04F  DAC9 A7AF 9E78 F709 453B
+uid                  Richard Levitte <richard@levitte.org>
+uid                  Richard Levitte <levitte@openssl.org>
+uid                  Richard Levitte <levitte@lp.se>
+
+pub   2048R/F295C759 1998-12-13
+      Key fingerprint = D0 5D 8C 61 6E 27 E6 60  41 EC B1 B8 D5 7E E5 97
+uid                  Dr S N Henson <shenson@drh-consultancy.demon.co.uk>
+
+pub   1024R/49A563D9 1997-02-24
+      Key fingerprint = 7B 79 19 FA 71 6B 87 25  0E 77 21 E5 52 D9 83 BF
+uid                  Mark Cox <mjc@redhat.com>
+uid                  Mark Cox <mark@awe.com>
+uid                  Mark Cox <mjc@apache.org>