[keyring] Add new build system signing key stored on Nitrokey 3A Mini dongle
LEDE Commits
lede-commits at lists.infradead.org
Thu May 18 07:10:15 PDT 2023
ynezz pushed a commit to keyring.git, branch master:
https://git.openwrt.org/6b42a5c8b7dc049b899869b2a1b94daf69ceb2f5
commit 6b42a5c8b7dc049b899869b2a1b94daf69ceb2f5
Author: Petr Štetiar <ynezz at true.cz>
AuthorDate: Thu May 18 16:01:25 2023 +0200
Add new build system signing key stored on Nitrokey 3A Mini dongle
This key is available only from Nitrokey 3A Mini (nk3) USB security key.
Only 3 such identical nk3 dongles were provisioned[1], one nk3 dongle is
going to be attached to the new buildbot master server, remaining two
nk3 dongles are going to be kept as a backup (ynezz, jow). GnuPG
master/secret keys are not available, only revocation certificate was
generated, just in case.
This new signing key 0x1D53D1877742E911 available only from those three
nk3 dongles was cross signed with 3 previous signing keys (snapshot,
21.02, 22.03):
pub ed25519/0x1D53D1877742E911 2023-05-18 [C] [expires: 2033-05-15]
Key fingerprint = 8A8B C12F 46B8 36C0 F9CD B36F 1D53 D187 7742 E911
uid [ultimate] OpenWrt Build System (Nitrokey3) <contact at openwrt.org>
sig 3 0x1D53D1877742E911 2023-05-18 OpenWrt Build System (Nitrokey3) <contact at openwrt.org>
sig 0xCD84BCED626471F1 2023-05-18 OpenWrt Build System (PGP key for unattended snapshot builds) <pgpsign-snapshots at openwrt.org>
sig 0xCD54E82DADB3684D 2023-05-18 OpenWrt Build System (GnuPGP key for 22.03 release builds) <pgpsign-22.03 at openwrt.org>
sig 0x88CA59E88F681580 2023-05-18 OpenWrt Build System (PGP key for 21.02 release builds) <pgpsign-21.02 at openwrt.org>
sub ed25519/0x2B0151090606D1D9 2023-05-18 [S] [expires: 2033-05-15]
Key fingerprint = 92C5 61DE 55AE 6552 F3C7 36B8 2B01 5109 0606 D1D9
sig 0x1D53D1877742E911 2023-05-18 OpenWrt Build System (Nitrokey3) <contact at openwrt.org>
nk3 dongle PIN is going to be available to all build infrastructure
admins (needed after server restarts), admin PIN, reset PIN and
revocation certificate to folks having backup key dongles (ynezz, jow).
Signed-off-by: Petr Štetiar <ynezz at true.cz>
---
gpg/0x1D53D1877742E911.asc | 52 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
diff --git a/gpg/0x1D53D1877742E911.asc b/gpg/0x1D53D1877742E911.asc
new file mode 100644
index 0000000..15a601e
--- /dev/null
+++ b/gpg/0x1D53D1877742E911.asc
@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZGYbnhYJKwYBBAHaRw8BAQdATHfcRHxMqX/Z/bRtFvHekZK6uM1BV13gDBvR
+uHWswEG0Nk9wZW5XcnQgQnVpbGQgU3lzdGVtIChOaXRyb2tleTMpIDxjb250YWN0
+QG9wZW53cnQub3JnPoiUBBMWCgA8FiEEiovBL0a4NsD5zbNvHVPRh3dC6REFAmRm
+G54CGwEFCRLMAwAECwkIBwQVCgkIBRYCAwEAAh4FAheAAAoJEB1T0Yd3QukRj7wA
++wcedxIFa5zySg2+R7LtMnUuuICsnZAkt+dYLFpOg1+eAQC9mXQlUjxD6o7OmCUI
+D2dnaFUn5oaAx+Pp/1MaeYs+A4kCMwQQAQoAHRYhBFTMdDB6LG3JzmGCac2EvO1i
+ZHHxBQJkZimAAAoJEM2EvO1iZHHxmT4QAK58mk2DacqyPDgED8VkI1lTXOkQF7GD
+w/BQHoEtZun8NtvCjEYtJ+6JA6Z0GOKAl8LTIntX7j7wFaaJWiZ9B6jmwyl4DK+Q
+SRnstMCv3jYaEiTlT8GQQXZpTGBpPUCCzp3ykqG1E8Yq9erXsR+et9rinF+hxjvQ
+9a7lVETAec0EEpwA9WYpR/H8VJQVpT+PIRZnyI+mgQgmxJvYkJ1L6ubWPznjDvPm
+IpIeUKGym+oZjtwVT7uYWZFdfrYw3wOdOm+IytXAEQerbMwog9AAl+/n4xHVooFP
+0ZT4hOA1vgeobx2MRAdipJzhp6vNwCsJ9iCYU9LexveYzkUXqpED59iwnsQdIPSv
+DI9J0jNBbNFzqj3XxN4/lyFtvQG/Z4CE/682ez73E0jIhshvnZwuVcloQVuxpSAo
+hgFpy3QDUMr/BqP3q5kl04NaCxrTgmPACbj6LxHLXX7m7xnAdi9HNqsi23jTlC7T
+Fyk+xEnBwKsdpERPr0T3lIiizl3VIQrW36IRgdR8urRDETFWJ+TmhO2AiM2gmaYe
+l/UH2MiCNfsDEmCMp+Fjb8YcEp8ZVed8pEmaNzlG7ykf4qMzoeTR5uewupLf/ni9
++QtruqXe93TZLuCn6OADAC/nZwFnO0AzELpIcB+1gECBMORzfl5O4F0gk/GN45Ti
+a+qYI/OBnO8BiQIzBBABCgAdFiEEv4VngaASk8hAmr5yzVToLa2zaE0FAmRmKagA
+CgkQzVToLa2zaE0kRxAAlTRGMJeUrUiHQ7t0ES+7trydHX//xQhH2XBJhEjESSHi
+ElYr9fnm+jthu5PqOeSho0mRhPlmKjgztX6eRF/dAxhbiCcUqKQcxrOLwRxP+BDB
+pJ5MEbGWtNiMmdqbTCPA/7ehys4lLnwPK2IkLiwc8cUuw3VSYPlDvEUE5f8XlcNQ
+q/7rijNM+zBGc/67qIAIemRDbF2nNVKd52fZ+v75CzSMkfje5F2j5L/zZSCYLMex
+n0TYW/XfSimjQRj0xoedt5GM6nfhDX1/cD85Ntzt6t5v5lEZsIh1F33ffCVjqq/x
+XHg3CVCZFxBN+zyrcjuW8CMvGCWYTOWQplGFNX1lU541foG0xKDtS/HBS+iwS7A2
+k9sOGP89SJGb4ECzYSybnRr1sYlKds77tYZQ3AS+KSUDeDi/zCyu8Y6DzioRAhls
+jeke8YRdZj+NSZJ+MTTQlrUcL/50f89B0gK5zY7Dvb0oVmC9eVeaHHmeRbTweTuv
+YjQerHl47L8vCpPSOKBIHAlFMv4gg992yQYjdwIIWNF6KlbwA8X5ie/LM8RPRyeU
+8wTy4dQnsD9sQaWfEri4lVylzhViK5w21Lg+gqfkSm8ur1SSWlBNSBRDrX/A3kMR
+t3+KulbfEDnAhFjA5YLjqI8vIOEi5c1Ls/QoUuXyG8jQCuTaXluebMN2/F85aZmJ
+AjMEEAEKAB0WIQRmcgXjebrzSIY6XGaIylnoj2gVgAUCZGYp1AAKCRCIylnoj2gV
+gC+lD/9KvdfZm9I3DuKXItH6EzBAtrrjUvlooj1dupsnIPdJKxypKA/PCrztALbJ
+dOBIKrsXX121L+NFShaqup9TYcoWPkBZkr7ATDGke/KjO1NRRE1awBQeDQDmoQsx
+EGtL+M+Dd0Jv7SZ9eHMQ8YBDXwpB11v9ZiCWFPfk0J8C8BzypByq8uXzAh1h9mXG
+LsRgNwl6ARORw03TtYiqMLhOyGt9/+qNQZ0UfIKoQ9JRVYRY0cg0HYp4J1zb/i0Q
+r6g8fvy9lNX+Fcpu1mPX08fRHKTtJJNmdl15N5o+h/NhUhkO88veqtAMdJCGim7F
+uL14o2izbTgP8lqDpQp3Q3Lmxfrx3B0MV05u/OsmUx0NOMyLEiTt8KJOKKlMXkqV
+wH7CD1f7y9CcmTUOp1n5UMdiMYpSOaLIlSKlrOE1wv2TLdFnnX7QAcs9/GIdAR5N
+EDscTG6tC5lqSWWwdvMp8ZSa04lMiOZft8GZdgxab4Dn4hLTRBYcCfda0abItO72
+BPa0GFU2Ok3uPDUIySP7r1SJGL0bm1tXbAnSuXRlwon6xEEOwBHds+6lHEKUs3Ym
+o+OLD4Sf02Jl1GF+1Y+bI2PBxbiVluaUGuZDnPBfjKTELktuSsRSBMgLVQpe37fm
+ISkQE1I6+g6LKdsq7bGT43KBX3F2q7YVCqlfV047TQb6EJ+VU7gzBGRmG54WCSsG
+AQQB2kcPAQEHQDz1QTCdR5SStzy65qlYiN9gWjSU347TG/9sKcztDvAsiPUEGBYK
+ACYWIQSKi8EvRrg2wPnNs28dU9GHd0LpEQUCZGYbngIbAgUJEswDAACBCRAdU9GH
+d0LpEXYgBBkWCgAdFiEEksVh3lWuZVLzxza4KwFRCQYG0dkFAmRmG54ACgkQKwFR
+CQYG0dlqGAEAsH7jgDtmeLnLfH+ucBZk0dhkuVA9adN3Dy8yW83zTiUBAK4KBz/o
+0mYEoOOVwGMdtvTWByr7PEt83N96b553uBIJ800A/2F7rSfPvh7z+iePy7/2wTd9
+8xw/e3wp+I1Wtxo5UYjrAQCIiS2AkkuaKsdqi1TPOFkigpUHMcb7CeusiXYVIoR5
+DA==
+=kEP/
+-----END PGP PUBLIC KEY BLOCK-----
More information about the lede-commits
mailing list