autinerd/keys
1
0
Fork 0
forked from infra/keys
Code Pull requests Activity
Public Key verification for infrastructure administrators
26 commits 2 branches 0 tags 79 KiB
Python 100%
Find a file
kleines Filmröllchen ef2e22d65a Merge pull request 'script bugfixes' (#6) from script-fixes into main 
Reviewed-on: infra/keys#6
2025-02-04 23:38:51 +00:00
.forgejo/workflows ci fuckery 2025-01-28 11:24:26 +01:00
autinerd Add keys for Sid 2025-01-29 20:28:32 +01:00
denny add keys for denny 2025-01-29 18:05:02 +01:00
filmroellchen simplify meta format and expand documentation 2025-01-28 22:49:33 +01:00
lilian add keys for lilian 2025-01-29 22:11:18 +01:00
philipp add pubkeys for philipp 2025-01-29 00:27:03 +01:00
.gitignore CI and scripts and readme and such 2025-01-28 11:02:35 +01:00
LICENSE CI and scripts and readme and such 2025-01-28 11:02:35 +01:00
README.md badge + docs fixes 2025-01-28 23:20:17 +01:00
verified-commit.png CI and scripts and readme and such 2025-01-28 11:02:35 +01:00
verify.py unfuck ref resolution too 2025-02-05 00:37:13 +01:00

README.md

Verified cryptographic keys for use with CTBK infrastructure

Only trust the keys in this repo if the following badge is green:

CI status

This repo holds all SSH keys and Wireguard keys for sysadmins of the Chaostreff Backnang infrastructure. It is a simple database of all valid cryptographic keys, with verification (i.e. signatures) that they have been supplied by their owner.

The workflow roughly goes like this, with detailed explanations further below:

  • Users add their SSH key(s) to their account on git.ctbk.de and verify them. This can establish an additional, optional link between an email address and the keys. Therefore, access to a git.ctbk.de and IdP account verifies the accuracy of the SSH key(s).
  • Users commit their keys to this repository, in a user-specific directory, making sure to sign their commits with the same SSH key(s) they added to their account. Therefore, the account SSH key(s) verify their own public keyfiles and, by extension, all other files in the same directory.

The chain of trust and verification is therefore: IdP account -> Forgejo account with specific username & email address -> SSH key added and verified in Forgejo -> Git commit in this repo, made with Forgejo account name and email address, signed with account SSH key -> Files in the commit, containing the username, email address, SSH key(s), and more.

Using this repository

Make sure to follow this guide carefully, otherwise your commits may not be verified correctly!

Forgejo setup

Add your SSH key(s) to your Forgejo account:

  • Click on your user profile picture.
  • Click “Settings”.
  • Click “SSH / GPG keys”
  • Click “Add key”
  • Add your key and give it a comment so you remember its purpose. Currently, all Forgejo SSH keys are general-purpose, but in case this ever changes, make sure the key can be used for commit singing.
  • The new key should appear as unverified. Click “Verify” next to the key you just created. Forgejo will provide you with a random string to sign with your SSH key and a command line which can be used to do this. Paste the SSH signature and your key should now be verified.

Repeat this for at least every key you plan to use for signing, not necessarily every key you want to commit to the repository.

Make sure every email address you want to use with Git (see below) has been added to your profile. This is possible under the “Account” tab in the settings. Note that neither Forgejo nor CI check whether that address actually exists, so feel free to use a made-up noreply address such as username.noreply@chaostreff-backnang.de.

Git setup

Any of the git config changes may be executed with --global, at your option.

Change your Git email address and user name to any email address known to Forgejo, and the Forgejo user name (not display name), respectively:

git config user.name  forgejo-user-name
git config user.email user@example.net

Add your SSH key to Git as a signing key, and enable signing:

# must be an absolute path
git config user.signingkey path/to/your/key

git config commit.gpgsign true
git config gpg.format ssh

If you configured everything correctly, your commits should appear with a green padlock in Forgejos interface:

A verified commit by kleines Filmröllchen as seen in Forgejo’s interface. Next to the commit hash a green padlock is shown, as well as their profile picture.

Changing (and adding) your verified data

Make all changes as necessary, see below for a description of user files and their formats. Make sure to only modify a subdirectory named exactly like your Forgejo user name. When youre done, create a commit, ensure the commit has been signed properly, and open a pull request.

The CI will run on your PR and verify the changes have been signed by the correct user. As an administrator of this repo, never merge a change that doesnt pass CI.

Pull requests are merged by Git merge, which preserves the signing status. The CI should check out on main as well; otherwise, some users key data in Forgejo may have changed. These users must be notified ASAP so they remove their outdated keys and add new keys if they want to keep their verified data. Worst case, the files can be removed, removing them from the verification.

Signed user files

There are only two mandatory files in your user directory: keys and meta.toml.

keys

keys is simply your list of SSH public keys. Any key you use to sign commits in this repository must be part of that key list. This is to provide extra verification that you didnt commit wrong keys on accident.

meta.toml

meta.toml provides metadata in TOML format. Not all of this metadata is currently checked (or required), but please stick to the format in case we decide to automate more parts of it in the future.

Option Type Explanation
name string User name, must match the committer name and Forgejo name.
email string Email address, must match the committer email address.

wireguard

This optional file contains only your Wireguard public key. The public key is used for connecting to the Chaostreff VPN.