Automated digital signing of OS artifacts

https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/BOMYF4UTJJ37UIBXW52OU7WJTT3YPTKS/

#ArchLinux #Linux #RFC #OpenPGP #DigitalSignature #Automation #Signstar #NetHSM

On my way to #FOSDEM

I'll do a talk about the #ALPM project tomorrow at 18:05 in the #RustLang devroom:

https://fosdem.org/2025/schedule/event/fosdem-2025-6259-adventures-in-oxidizing-arch-linux-package-management/

If you want to chat about that project or e.g. #signstar, feel free to reach out!
Otherwise you may find me in the cantina with other #ArchLinux people.

#FOSDEM2025

With the release of `nethsm-cli` 0.6.0 it is now possible to issue signatures for signing requests! 🎉 📦 🦀

https://crates.io/crates/nethsm-cli/0.6.0

Signing requests for files can be created using `signstar-request-signature` (see https://chaos.social/@dvzrv/113646761365294969).

#DigitalSignature #RustLang #ArchLinux #Signstar #NetHSM #Nitrokey #OpenPGP #Cryptography

We have just released the first version of
`signstar-request-signature`, which is another piece of the #Signstar puzzle. 📦 🦀

https://crates.io/crates/signstar-request-signature/0.1.0

With this #RustLang #crate a #library and #CLI is provided for creating, reading and writing of signing requests for files.
The implementation has again been done by the awesome @wiktor 👏 🥳

#ArchLinux #NetHSM #Nitrokey #DigitialSignature #OpenPGP

High-level documentation for the #Signstar project and all of its crates is now available at https://signstar.archlinux.page

#ArchLinux #NetHSM #Nitrokey #Cryptography #RustLang

We have just released the first version of the nethsm-backup #crate 📦 🦀

https://crates.io/crates/nethsm-backup/0.1.0

The #RustLang library, written by the wonderful @wiktor, is used to #parse, #decrypt, #validate and #browse #NetHSM #backups.

#Nitrokey #ArchLinux #Signstar #Rust

With the release of the nethsm-config crate in version 0.2.0 we have added some exciting new features!

https://crates.io/crates/nethsm-config/0.2.0

A fully validated #configuration file type can now be used to map various system user types to #NetHSM users.
This file format brings us a step closer to our first test setup for #Signstar.

#Rust #RustLang #Signstar #ArchLinux #Nitrokey

The #nethsm crate has just been released in version 0.7.0. 🎉

https://crates.io/crates/nethsm/0.7.0

In this version we added several improvements for the use with #OpenPGP (such as updating to the latest #rPGP) and added integration for validated key setups.

#Rust #RustLang #ArchLinux #Signstar #Cryptography #DigitalSignature #Nitrokey

We have just released the first version of the nethsm-tests crate 🥳

https://crates.io/crates/nethsm-tests/0.1.0

This library helps to test against #NetHSM #containers and has been split out of the nethsm crate.

#Rust #RustLang #Nitrokey #ArchLinux #Signstar #DigitalSignature #Cryptography

My talk "Boring Infrastructure: Building a secure signing environment" from #asg2024 is online:

https://media.ccc.de/v/all-systems-go-2024-263-boring-infrastructure-building-a-secure-signing-environment

You can find the slides for it at: https://pkgbuild.com/~dvzrv/presentations/all-systems-go-2024/

#AllSystemsGo #OpenPGP #DigitalSignature #Signing #Berlin #Linux #ArchLinux #Signstar

The #RustLang based nethsm-cli package on #ArchLinux is now properly indexed. 🗂️

This means you can read all of its man pages online as well 📖 🎉

https://man.archlinux.org/listing/extra/nethsm-cli/

#Nitrokey #NetHSM #CLI #cryptography #documentation #HSM #OpenPGP #Signstar #DigitalSignature #encryption #decryption

We have just released version 0.2.1 of the nethsm-cli #RustLang #crate to fix the creation of man pages and shell completions (they had been created under a wrong application name). 🩹 📚

https://crates.io/crates/nethsm-cli/0.2.1

Once the correct ones have been added to the #ArchLinux man page indexer, I will add a link.

#CLI #HSM #encryption #decryption #DigitalSignature #signing #OpenPGP #Nitrokey #Signstar #NetHSM

We have just released version 0.2.0 of the nethsm-cli #RustLang #crate. 🥳
This executable allows for easy integration with @nitrokey #NetHSM devices (and containers).

With this release we have added #namespace and #OpenPGP support! 🔑
Also, users can now rely on shell completion and man pages! 📚

https://crates.io/crates/nethsm-cli/0.2.0

Thanks to @wiktor for working out #OpenPGP support using #rPGP! 🎉

#CLI #HSM #encryption #decryption #DigitalSignature #signing #ArchLinux #Nitrokey #signstar

We have just released version 0.4.0 of the #nethsm #RustLang #crate. 🥳
This library allows for easy integration with @nitrokey #NetHSM devices (and containers).

With this release we have added #namespace and #OpenPGP support!
Additionally, large parts of the documentation have been improved.

https://crates.io/crates/nethsm/0.4.0

Thanks to @wiktor for working out #OpenPGP support using #rPGP! 🎉

#HSM #encryption #decryption #DigitalSignature #signing #RustLang #ArchLinux #Nitrokey #signstar

Tomorrow I will be doing a talk at #FrOSCon about a project that I have been working on for a while: #Signstar - a secure signing environment based on @nitrokey's #NetHSM

https://programm.froscon.org/2024/events/3139.html

#FrOSCon2024 #Rust #RustLang #DigitalSigning #ArchLinux #OpenPGP #SecureBoot #Packaging #Automation #HardwareSecurityModule #HSM