diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 1363301aab..09a3c3ac62 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -610,28 +610,17 @@ The preferred workflow is:
    b. Send an email to ``openexr-dev@lists.aswf.io`` officially
       annoucing the release.
    
-9. Detach-sign the release source artifact with the GPG key
+9. Update the ``release`` branch, which should always point to the
+   most recent patch of the most recent minor release, i.e. the most
+   preferred release.
 
-   a. On the releases page, download the .zip file of the release source.
+   From a clone of the main repo:
 
-   b. Unzip it and verify that it is identical to the source at the
-      release tag in your repo clone.
-
-   c. Sign the zip file via `gpg --detach-sig <file.zip>`
-
-   d. Upload the `.sig` file to the GitHub release page.
-
-10. Update the ``release`` branch, which should always point to the
-    most recent patch of the most recent minor release, i.e. the most
-    preferred release.
-
-    From a clone of the main repo:
-
-        % git checkout release
-        % git merge RB-3.1
-        % git push
+       % git checkout release
+       % git merge RB-3.1
+       % git push
          
-11. Submit a PR that adds the release notes to [CHANGES.md](CHANGES.md)
+10. Submit a PR that adds the release notes to [CHANGES.md](CHANGES.md)
     on the main branch. Cherry-pick the release notes commit from
     the release branch.
 
@@ -641,14 +630,14 @@ The preferred workflow is:
     - Also include in this PR edits to [``docs/news.rst``](docs/news.rst)
       that add an announcment of the release.
 
-12. After review/merge of the updates to ``docs/news.rst``, build the
+11. After review/merge of the updates to ``docs/news.rst``, build the
     website at https://readthedocs.org/projects/openexr.
 
-13. If the release has resolved any OSS-Fuzz issues, update the
+12. If the release has resolved any OSS-Fuzz issues, update the
     associated pages at https://bugs.chromium.org/p/oss-fuzz with a
     reference to the release.
 
-14. If the release has resolved any public CVE's, request an update
+13. If the release has resolved any public CVE's, request an update
     from the registry service providing the release and a link to the
     release notes.
 
diff --git a/SECURITY.md b/SECURITY.md
index 0f2061d1a9..bc44564133 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -74,8 +74,9 @@ security vulnerabilities.
 
 ## Signed Releases
 
-Releases are signed by the GPG key listed in
-[openexr.keyring](openexr.keyring).
+Releases artifacts are signed via
+[sigstore](https://www.sigstore.dev). See
+[release-sign.yml](.github/workflows/release-sign.yml) for details.
 
 ## Security Expectations
 
diff --git a/openexr.keyring b/openexr.keyring
deleted file mode 100644
index 23202c9260..0000000000
--- a/openexr.keyring
+++ /dev/null
@@ -1,46 +0,0 @@
-pub   rsa3072 2024-02-11 [SC]
-      B34A8F2C14A48F38FEB395338AA6076A6174AF64
-uid           [ultimate] Cary Phillips (cary-ilm) <cary@ilm.com>
-sub   rsa3072 2024-02-11 [E]
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQGNBGXJCl8BDADsi1wTcmePGCEwKOfhlSAPADo740P5I38DJ2OPgvhB5+n7u6tC
-VUmhaFo3pGVy+jZ+ZihRKkCd8bxONokSu6t17+ZfPdS5+Cd6+HHnYS8kTbWS1CEZ
-k1UR+xWcdoW3mhYDlwR6RdJcYk9BSFI7iwATwteChEDYjxQ7A22BFEya1YFRdj1j
-miFtilPPnfpOmowhtBicYc4K0fV15aOEvKnNW4mB8DSgl1bAG3Tj6jNBKSiDvbUI
-ZHJbqZa5Nxskyv67hsSSLmW/jqo56Flfw7vrXve7jdZ7/s44JMIdq2MK7DXq2YZy
-sr9CVAPrU21oIAqJTAnp7vVsLhSb1rYClpXAtE+K2N568VXBaO/P2UKo+cXaXJlt
-XXL0oHRCONYfHPrtLGq6MleUvSf9SQCkIct4NzZ0Z4E9vYz9f3JDJZRSSGkw+MC9
-2F9euKauz+8OhCnQSpPgAsLvpdbu1QuYo/dh6fl0GquvS74mdab2XRfdG7IDkVaT
-3yqtnNJ/0kULZBsAEQEAAbQnQ2FyeSBQaGlsbGlwcyAoY2FyeS1pbG0pIDxjYXJ5
-QGlsbS5jb20+iQHOBBMBCgA4FiEEs0qPLBSkjzj+s5UziqYHamF0r2QFAmXJCl8C
-GwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQiqYHamF0r2RS+gwAmyRu7xYp
-oTSw8UDZVKDvSieP1ndcHvIrx6MLsgsRGKo1Eehg5kZhNzOezLCp6hpBHpsD9hyN
-tViQc4nhXoUMV/F/lB+kWMZJQYBI4QjuVMp+ACaBRdTUTHKBEb2gYyH7cXb1ffot
-/jrvoIeRcCzW/3CimTREIUO9hmMesWGc3ruirj+y2MWe9ZQrkwjch4TMu5wKbsrq
-3GFtxI+6CW9Ri2kiq3tvL1ahP8mp6xn/4cKqMVt+oB2sz0pOfoqlqanMFoOZamd4
-asuYPtfQ+TYo/7u9qSwsfHEZiYycfwzrG/9WilyMSkIhSF9+Xf0kSH04mzL5IlVM
-5lQJC/swZ6oTxd9vPgmq7v0nps8/Hp3fpaw3c1C5fg5edfQ4tSRcZrf4VPW/PIsl
-zQHT9Alb2ENfwsg5TkhgiuBcUXtmx0WhKukTu8gt4R8r1YeiYNgGcIO0TOlBOoLF
-+ORLSandNrTXMdfudLv6YQSrKSeGoKDRAQ+TLZh9J5Pl74N/KPfAMHHUuQGNBGXJ
-Cl8BDADsXegefQC9ip3dhOwqAxa/x6nCERr0piO9l3kzCTWHB8QjXyL2tnNNTjIk
-MTowHeCB/l8jg2oPcIArhApIosTxG4CbnLUd2nrOWs3Ln1ejBUuGO6lXtUJkIy+X
-VMf5doMjJAiZQqLsOlHb3rujSH94lnOPMUV68Dn/xxK4xJyoY476SyS6gehFvsAR
-2b7bvHPgpzk8GtzCdSIKavc32PY6LYb3vhp496sGQ0r7nNWfVlIc7oF8K39qMlu8
-BE78vZb8ZuwiphYXlsp4mf6pgrDyondoF7b0EI4qlqRmAbdKWnTLkBuP6NEAYL2K
-EKUSMcuFryVW1GDPueFuluE1Lr95wxv5qny0PNqdMNB9qh5q/KRfKGyOMk00BSBL
-sZxcq9tYMzcyW2/kvP6fSdZVbpa168NKQPvtDxkx8HJtw5CS8huSjwZC/8muYbHP
-YQvuIQv9dJ2p/e4SI0jqSb2jam18nXOYFjlKUq/M8yHhI1PpfNDOspkyA59Qm6k2
-Fca5hEMAEQEAAYkBtgQYAQoAIBYhBLNKjywUpI84/rOVM4qmB2phdK9kBQJlyQpf
-AhsMAAoJEIqmB2phdK9koQYMALGKrXZk17ounAI1piOVnixqg3EWZwUR5UnD5tIs
-BTyah+jx9frRhaOsCpfSSC3oyt4Qcz7JNGxCTYfVMazFQQjs10vzLmAjGDjXprGb
-nHq8x3LOVwDAAhmN3pGaA1q6hdSyzyCIdqlL/KABdGaza5IQlhRkjzGhaVBPNRQw
-xe+2lDmfVTJz/3/3kPw3REgH1CECDK2b2Dy4o8D+NyDp6b8A2gw8nOGbSvixitQl
-aZOXEjzBPOL0QFIJlwFxHU8N8xgW0xU+P48BtHUSp//sJVUpSi7F6WMN9q9+a39W
-uJ5M2eb7v65z8hvtwXXJ4/mKup33VarhA0SwV0dJPj7FYxfw/DABgy/tCHHEzhXF
-qGZysBhQBXCuz2OQHaKYF1hoBBZu8A7VomVC8U54WOGoyjzvEygZ+z2Nr/m7wXAZ
-Ra/FZ3WAiHbHhsMkIQTM/STNgR+gcEMvHQ4FttAoF8CQNXXS+WMdeE2D8PP7xDvK
-shRUqerkfoXgWyVFSPJDDJL76A==
-=aEYT
------END PGP PUBLIC KEY BLOCK-----