Warrant Canary

This repository contains the official warrant canary for Joplin.

The purpose of the warrant canary is to provide a regularly updated, cryptographically signed statement indicating that no secret legal orders, gag orders, or similar directives have been received as of the stated date.

If such an order were ever received and disclosure were legally prohibited, the canary would cease to be updated.

Location of the Canary

The current signed canary is published at:

https://github.com/laurent22/joplin/raw/dev/readme/canary.txt

Canary Signing Key

The canary is signed using a dedicated OpenPGP key. It is linked from the canary.txt file.

Its fingerprint is present in the canary.txt file itself and duplicated at:

https://github.com/laurent22/joplin/blob/dev/README.md

Updating the canary file

Run yarn updateCanary from the root of the repository and follow the prompt.

Key Rotation Policy

The canary signing key may be rotated for the following reasons:

Key expiry
Suspected compromise
Maintainer transition
Operational upgrades (e.g. hardware-backed signing)

Key rotation will never be performed silently.

Key Rotation Procedure

1. Generate a New Key

Create a new dedicated OpenPGP signing key.

Export the new public key in ASCII-armoured format.

2. Publish the New Key

Add the new public key to:

https://github.com/laurent22/joplin/raw/dev/Assets/keys/joplin-canary-signing-key.asc

3. Update Documentation

Update the README

Mark the new fingerprint as Active
Mark the previous fingerprint as Retired
Document the rotation date

Example:

Active Canary Signing Key:
NEW FINGERPRINT

Previous Key (retired 2028-02-18):
OLD FINGERPRINT

Update updateCanary.ts

Add the new fingerprint to the canary template.

4. Transitional Signing

For the first canary issued after rotation:

Sign with the new key
Optionally also sign with the old key

This creates a cryptographic bridge between the two identities.

If the old key is compromised, do not dual-sign. Instead, publish a revocation statement.