Specify how to sign/verify AirgapOS hashes #26

New Issue

Open

opened 2024-12-19 21:11:38 +00:00 by scjudd · 2 comments

scjudd commented

2024-12-19 21:11:38 +00:00

Member

In the "Setup Steps" for AirgapOS:

Commit the hash of airgap to a git repo, ensuring the commit is signed

Some more instruction here would be good:

Where should one commit this?
How to perform a signed commit?
How to establish that a particular commit signature 'means' something (i.e., we have a trusted keyring set up)
Where later in the process is this commit signature verified?

In the ["Setup Steps" for AirgapOS](https://git.distrust.co/public/docs/src/commit/57faca72fdb54682ca119f41c3250eee8cf7c795/quorum-key-management/src/one-time-use-airgapos.md#setup-steps): > 7. Commit the hash of airgap to a git repo, ensuring the commit is signed Some more instruction here would be good: - Where should one commit this? - How to perform a signed commit? - How to establish that a particular commit signature 'means' something (i.e., we have a trusted keyring set up) - Where later in the process is this commit signature verified?

anton commented

2024-12-23 22:20:19 +00:00

Owner

This can live in the ceremonies repository. I wrote a document about how this repository is set up, and it can be the place where we put all artifacts related to ceremonies:

https://git.distrust.co/public/docs/src/branch/main/quorum-key-management/src/component-documents/ceremony-repository.md

This can live in the `ceremonies` repository. I wrote a document about how this repository is set up, and it can be the place where we put all artifacts related to ceremonies: * https://git.distrust.co/public/docs/src/branch/main/quorum-key-management/src/component-documents/ceremony-repository.md

anton commented

2025-01-03 19:42:52 +00:00

Owner

@scjudd please let me know if my previous comment addresses your concerns.