[LEDE-DEV] usign image signatures for update server
Paul Spooren
paul at spooren.de
Thu Aug 31 14:08:34 PDT 2017
Hey all,
I'm creating a service to easily sysupgrade to new releases. My plan is
to sign all images via usign and verify the signatures on the clients
(router).
Currently I have no Idea how to mange the private keys and I came up
with two possible scenarios:
a)
- Builders send image to update server
- Update server signs image
- Bad as secret keys shouldn't be stored on web servers
b)
- Builders have their own secret keys
- Sign images on build
- Exchange signatures with update server
- Somewhere safe is signed list with all builder public keys
- Good?
How is the current setup for LEDE? The update server generates images on
demand so no air-gap is possible, signing should happen just in time.
Thanks for all help!
Best,
Paul
More information about the Lede-dev
mailing list