From 176e245b3cb3ada322c21eef0bce166dc5a5e4c7 Mon Sep 17 00:00:00 2001 
From: Filippo Valsorda Date: Fri, 28 Jun 2024 17:11:09 +0200 Subject: [PATCH] README: rotate Sigsum keys Switched to a pair of keys, one kept offline and one on a Tillitis key. The following script provides key continuity from the previous key. --- cat << EOF > msg.txt These are the new age Sigsum keys as of 2024-06-28. The previous one won't be used anymore ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1WpnEswJLPzvXJDiswowy48U+G+G1kmgwUE2eaRHZG ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAz2WM5CyPLqiNjk7CLl4roDXwKhQ0QExXLebukZEZFS EOF cat << EOF > msg.txt.proof version=1 log=c9e525b98f412ede185ff2ac5abf70920a2e63a6ae31c88b1138b85de328706b leaf=e2f0 61d17df1ab563aedf70a662d5344b2d163c7a35aaeaa1ecc6c1631c02d46883e c4564b0b0b70ebb4236e26f971cb467c59200575c01c4d07a5d8e298a6d2319c59bbc162363ffb4f690b581851621bd3de311e9559a1a0432522e2b567647e03 size=24226 root_hash=03b0fc19c812e51e764474d161b944db4ea20dfc13815b738fa4f433f56954c0 signature=b95530661d716886926a49ad4e08435c7980348836eefe4706cc611a6af9dc6ddb160189d4aa177c97f807fa0240cb27b9d5f075084cf3a4a2514eade7d40f00 cosignature=1c997261f16e6e81d13f420900a2542a4b6a049c2d996324ee5d82a90ca3360c 1719587282 02d3f9b34d62f1b735e6c13f2ad7766ed2066a167dba25d526a2acbbf628588c58a888f9abab50ff151f8440076e8bf39564e4f893a32be432e97cd18b936c0e cosignature=70b861a010f25030de6ff6a5267e0b951e70c04b20ba4a3ce41e7fba7b9b7dfc 1719587283 14b8654586763b6798dc7e7b46565236618f2824135076ba71e18908bf893d73be95c143b8c8cbe48de9ea6267ff5f23f8d870ded7d22ed6e54811393d174402 leaf_index=24157 node_hash=c5782abde765bc2c460d25f0bc1f8f89d787e5b8a141e862eeb550631cb61ca2 node_hash=283f014735692dfda045ca9c32352d5d0f99207862c35214dfaa69810eec6e2f node_hash=24987bf3ec7c3c8932783faf0fe01ff49c7793c3d25925da180165c3292b786d node_hash=ba14f9dd00a506474251599083e83a4bf7327491f6ebd5cca1ac8a6863456eb5 node_hash=55aceb2864d26c9c04c85a294e92dfdfa13bb45eeda0286d21f19411763237f5 node_hash=69cc9e7f7ad56da996abeb315dc2ffb3e1e1f02e8097facfae75f06f9e8f9bc9 
node_hash=1408251ffc0d485551b058813d7b1227bb91a179b9f0851a6e69e9bb99623eec node_hash=ca99c77b91c6aa9f55fba8d6d9c80058dcc0444a2e9df3f7a616d7e2d274fb58 node_hash=b95d29a868d7e4413dab001a414cfe4cab65e113bc831cf41ab9003250ede3c9 node_hash=5ced132a7cc05272b797b7ad2e71208366d8023d09bad755514cd86e37a849fd node_hash=95803b981443b4ff080b5a14927e24e5efc8186b327320b633005213ca3aeff4 node_hash=3aad6b63102dede3851d575b01bb60a5832d9f31eb3405b73aa7d629a1acaaa8 node_hash=c929af9f6731f63a493668627f58810d892dc51f8aa1c9a4de1573cd3e51e62f EOF sigsum-verify -k age-sigsum-key.pub -p sigsum-trust-policy.txt msg.txt.proof < msg.txt
---
 README.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 5d2c678..3d69d5b 100644
--- a/README.md
+++ b/README.md
@@ -168,7 +168,8 @@ Database](https://go.dev/blog/module-mirror-launch) provides.
 ```
 cat << EOF > age-sigsum-key.pub
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjDYFJ4WVbxRLcgbppmPaMFS/Wbq+1r9cl4qdJTyRVL
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1WpnEswJLPzvXJDiswowy48U+G+G1kmgwUE2eaRHZG
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAz2WM5CyPLqiNjk7CLl4roDXwKhQ0QExXLebukZEZFS
 EOF
 cat << EOF > sigsum-trust-policy.txt
 log 154f49976b59ff09a123675f58cb3e346e0455753c3c3b15d465dcb4f6512b0b https://poc.sigsum.org/jellyfish
@@ -178,10 +179,10 @@ group demo-quorum-rule all poc.sigsum.org/nisse rgdd.se/poc-witness
 quorum demo-quorum-rule
 EOF
-curl -JO "https://dl.filippo.io/age/v1.2.0?for=darwin/arm64"
-curl -JO "https://dl.filippo.io/age/v1.2.0?for=darwin/arm64&proof"
+curl -JLO "https://dl.filippo.io/age/v1.2.0?for=darwin/arm64"
+curl -JLO "https://dl.filippo.io/age/v1.2.0?for=darwin/arm64&proof"
-go install sigsum.org/sigsum-go/cmd/sigsum-verify@v0.6.2
+go install sigsum.org/sigsum-go/cmd/sigsum-verify@v0.8.0
 sigsum-verify -k age-sigsum-key.pub -p sigsum-trust-policy.txt \
 age-v1.2.0-darwin-arm64.tar.gz.proof < age-v1.2.0-darwin-arm64.tar.gz
 ```
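Review bot: Nothing in the README links the two new keys written to `age-sigsum-key.pub` (first hunk) to the key they replace; the statement and proof that the commit message says provide continuity from the previous key live only in that message. A reader who had pinned the old key gets no pointer to it from the page they will actually copy from. I would add a sentence under the fenced block along the lines of `These keys replaced the previous one on 2024-06-28; the commit that introduced them includes a Sigsum proof providing continuity from the previous key.` It is also worth confirming that the v1.2.0 proof downloaded in the second hunk was issued under one of the new keys, since the old key is no longer in the file and verification would otherwise fail; that cannot be seen from this patch. The fenced block starts and ends outside both hunks.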