[pve-devel] [TurnKey Linux] Looking to update our signing key... Advice?
Jeremy Davis
jeremy at turnkeylinux.org
Wed Nov 22 05:50:39 CET 2023
Hi,
Apologies in advance if this is not the right place to post this. Please
redirect me to the appropriate forum if not. I'm also happy to discuss
off list if that is deemed more appropriate.
My name is Jeremy and I work with TurnKey Linux.
As a housekeeping matter, we're looking to update our GPG signing key -
that we sign the index file we provide for downloading our LXC templates
via the PVE UI (which includes hashes of our templates).
The current key recently expired (caught us a bit unawares). We updated
the expiry to keep it alive. And it doesn't seem to have caused any
issues (at least not in my local PVE servers).
However, the key is quite old and doesn't have current best practice
size (RSA-4098 AFAIK?). So I'd like to rotate it.
I was hoping that someone with some authoritative knowledge of the
relevant PVE components would be willing to give me some guidance on the
process (not generating the key itself, just the PVE integration
specific bits). Hopefully that can ensure that key rotation causes
minimal disruptions to users.
Also if there are any specific PVE recommendations/requirements re the
new GPG keypair to generate, that would also be great.
Thanks in advance.
Regards,
Jeremy Davis
TurnKey Linux
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20231122/b83e22a1/attachment.sig>
More information about the pve-devel
mailing list