.. title: New GPG "Head Key" .. slug: new-gpg-head-key .. date: 2021-08-24 14:20:36 UTC-04:00 .. tags: gpg security .. category: .. link: .. description: .. type: html

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

We are adding a new GPG key as part of a security strategy. We now have a "head
key" that functions as a CA. The sole purpose of this key is to sign other keys.
All Ninja OS keys will be signed with this key, and nothing else will be. Thus
it will allow creation of new ninjaos keys that can be verified only by looking
for this signature on the key. This key is kept offline, in an arrangement that
it will not be loaded in day to day operations.

Bullet points

* This key is used to prove other keys belong to Ninja OS
* All Ninja OS keys will be signed by this key, do not trust anything not
* It will do nothing else
* It is kept offline

The GPG page is updated with both headkey, and signed versions of existing keys
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTGWx84OkbDij08/fnGHsaBoUivUQUCYSU5zQAKCRDGHsaBoUiv
UY2XAQC+cl27RvIErrQER0dhSjGYXgE2sO6ROguVbpuSXs3XtQEAs/igOz9E/upI
NeaeJ2rSfDFnVcjXKv0C388ZHQT7nQo=
=zG7W
-----END PGP SIGNATURE-----