Specify how to sign/verify AirgapOS hashes #26

New Issue

Open

opened 2024-12-19 21:11:38 +00:00 by scjudd · 0 comments

scjudd commented 2024-12-19 21:11:38 +00:00

Member

Copy Link

In the "Setup Steps" for AirgapOS:

7. Commit the hash of airgap to a git repo, ensuring the commit is signed

Some more instruction here would be good:

• Where should one commit this?
• How to perform a signed commit?
• How to establish that a particular commit signature 'means' something (i.e., we have a trusted keyring set up)
• Where later in the process is this commit signature verified?

In the ["Setup Steps" for AirgapOS](https://git.distrust.co/public/docs/src/commit/57faca72fdb54682ca119f41c3250eee8cf7c795/quorum-key-management/src/one-time-use-airgapos.md#setup-steps): > 7. Commit the hash of airgap to a git repo, ensuring the commit is signed Some more instruction here would be good: - Where should one commit this? - How to perform a signed commit? - How to establish that a particular commit signature 'means' something (i.e., we have a trusted keyring set up) - Where later in the process is this commit signature verified?

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/tamper-proofing-chain-of-custody

coding-standards

feat/quorum-kms

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: public/docs#26

No description provided.