Signing Key Rotation

Describes our signing key rotation.

Rotation policy

Our keys have a cryptoperiod of 3 years, which is the maximum recommended by NIST SP 800-57. This is significantly shorter than that of most signing keys used by distribution/software maintainers, hence our use of a bundled keyring, shipped via the staker-repo package, to support key rotation.

In practical terms, a key isn’t used to sign releases for the full 3-year period, as key rotation needs transition periods. Therefore, the key lifecycle is as follows:

  • 1 year in seed mode. The key is created, but it is not actively signing/validating releases. The purpose is to provide some overlap with the key which is currently used for signing and validation (i.e. the active key) and to allow this key to be installed before it is actively used.
  • 1 year in active (sign/validate) mode. This is the key which is currently used to sign releases.
  • 1 year in validate mode. This is a previously used active key which can still verify signatures, but no new releases are produced using this key.

The only exception to this rule is the 1st key ever used for signing releases, which shall be in active mode for 2 years. There’s no key to fulfil the seed mode for the 1st year.

Rotation procedure

You need to update the staker-repo package at least once per year in order to get a keyring which contains the signing key that shall be active for future releases. Should you fail to do so, you must follow the repository installation procedure and go through the bootstrap steps again to fix your installation of this repository.
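
The lifecycle and the yearly update requirement above, modelled as an added example (not code from the staker-repo package). It assumes one new key is created per year starting one year after the first key, and that a keyring bundles every key that exists and has not expired on the day it is built; the start date and all function names are constructed for illustration.

```python
from datetime import date

FIRST_KEY_CREATED = date(2020, 1, 1)  # constructed sample date, not from the page


def plus_years(d, n):
    # Sample dates avoid 29 February, so a plain year replace is safe here.
    return d.replace(year=d.year + n)


def key_created(index):
    """Creation date of key `index` (0 = first key); assumes one new key per year."""
    return plus_years(FIRST_KEY_CREATED, index)


def key_mode(index, today):
    """Return 'unborn', 'seed', 'active', 'validate' or 'expired' for a key."""
    created = key_created(index)
    if today < created:
        return "unborn"
    if today >= plus_years(created, 3):
        return "expired"  # 3-year cryptoperiod is over
    if index == 0:
        # First key: no seed phase, active for 2 years, then validate.
        return "active" if today < plus_years(created, 2) else "validate"
    if today < plus_years(created, 1):
        return "seed"
    return "active" if today < plus_years(created, 2) else "validate"


def keyring_snapshot(updated_on):
    """Indexes of the keys bundled in a keyring package built on `updated_on`."""
    return [i for i in range(updated_on.year - FIRST_KEY_CREATED.year + 1)
            if key_mode(i, updated_on) in ("seed", "active", "validate")]


def can_verify_new_releases(updated_on, today):
    """True if the keyring installed on `updated_on` holds today's active key."""
    return any(key_mode(i, today) == "active" for i in keyring_snapshot(updated_on))


if __name__ == "__main__":
    for age in (1, 2):  # keyring last updated 1 year ago vs. 2 years ago
        ok = can_verify_new_releases(date(2022, 6, 1), date(2022 + age, 6, 1))
        print(f"keyring {age} year(s) old verifies new releases: {ok}")
```

A keyring updated within the last year always contains the key that is currently active, because that key was already in seed mode when the keyring was built.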