Hey all, I'm creating a service to easily sysupgrade to new releases. My plan is to sign all images via usign and verify the signatures on the clients (router).
Currently I have no Idea how to mange the private keys and I came up with two possible scenarios: a) - Builders send image to update server - Update server signs image - Bad as secret keys shouldn't be stored on web servers b) - Builders have their own secret keys - Sign images on build - Exchange signatures with update server - Somewhere safe is signed list with all builder public keys - Good? How is the current setup for LEDE? The update server generates images on demand so no air-gap is possible, signing should happen just in time. Thanks for all help! Best, Paul _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
