[LEDE-DEV] usign image signatures for update server

[Paul Spooren]

Hey all,

I'm creating a service to easily sysupgrade to new releases. My plan is
to sign all images via usign and verify the signatures on the clients
(router).

Currently I have no Idea how to mange the private keys and I came up
with two possible scenarios:

a)
- Builders send image to update server
- Update server signs image
- Bad as secret keys shouldn't be stored on web servers

b)
- Builders have their own secret keys
- Sign images on build
- Exchange signatures with update server
- Somewhere safe is signed list with all builder public keys
- Good?

How is the current setup for LEDE? The update server generates images on
demand so no air-gap is possible, signing should happen just in time.

Thanks for all help!

Best,
Paul