Feature #1935

Document and/or decide on the Replicant project signing and encryption key usage and policies

Added by Denis 'GNUtoo' Carikli 11 months ago. Updated 4 months ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Website and wiki content
Target version:
Start date: 05/13/2019
Due date:
% Done: 100%
Estimated time:
Resolution: fixed
Device:

Related issues

Blocks Replicant - Issue #1960: Build release candidate image for 6.0 0004 (Closed, 10/09/2019)

History

#1

Updated by Denis 'GNUtoo' Carikli 11 months ago

  • Subject changed from Document and/or decide on the Replicant project gpg key usage and policies to Document and/or decide on the Replicant project signing and encryption key usage and policies

Replicant mainly uses gpg for signing the releases.

The gpg key is also set up for the contact address, but its use is highly discouraged as not everyone has access to that key.

Some people already used that gpg (public) key to send encrypted logs with potentially privacy-sensitive information in bug reports, but as not everyone has access to that key, currently only developers not participating anymore in Replicant can read such logs.

See the following for some examples of gpg usage:
https://tails.boum.org/doc/about/openpgp_keys/index.en.html

Building Replicant also generates some TLS signing keys to sign the images:
  • Keys are used by the recovery to verify the installation zip.
  • Keys are also used to sign APKs within the Replicant image.
  • Keys might also be used for generating OTA upgrades, but that is currently unused by Replicant.
#2

Updated by Denis 'GNUtoo' Carikli 10 months ago

  • Category set to Website and wiki content
#3

Updated by Kurtis Hanna 6 months ago

  • Blocked by Issue #1960: Build release candidate image for 6.0 0004 added
#4

Updated by Kurtis Hanna 6 months ago

  • Blocked by deleted (Issue #1960: Build release candidate image for 6.0 0004)
#5

Updated by Kurtis Hanna 6 months ago

  • Blocks Issue #1960: Build release candidate image for 6.0 0004 added
#8

Updated by Kurtis Hanna 4 months ago

  • % Done changed from 0 to 100

We should create a new issue, if it isn't created already, related to using a keyring with the public keys of several Replicant developers, like it is done in Parabola with the parabola-keyring package, as is discussed at the link GNUtoo provided above.
