Agreed, I think we should fail all SHA-1 signed keys. Yes, GPG will still accept them, but they're bad and we should discourage their use. Plus it should be easier to rotate OSSEC + journalist keys vs the submission key since they're not public facing.
Description
securedrop-admin should reject Submission Keys that have SHA-1 signatures
https://sequoia-pgp.org/blog/2023/02/01/202302-happy-sha1-day/
We should install sq-keyring-linter as part of the Tails Admin Workstation setup, and then check the key in https://github.com/freedomofpress/securedrop/blob/develop/admin/bin/validate-gpg-key.sh, erroring if it fails the linter.
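To show what such a check looks for at the packet level, here is an added example (not SecureDrop or Sequoia code) that walks a binary, dearmored OpenPGP key and reports signature packets whose hash algorithm is SHA-1. The function names and the sample bytes are made up for illustration, and the check is coarser than a linter: it flags every SHA-1 signature packet it sees and does not decide which signatures are current.

```python
SHA1 = 2      # OpenPGP hash algorithm ID for SHA-1 (RFC 4880, section 9.4)
SIG_TAG = 2   # packet tag of a Signature packet

def iter_packets(data):
    """Yield (tag, body) per packet, for old- and new-format headers."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths are not handled")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled")
            n = 1 << ltype                  # length field is 1, 2 or 4 bytes
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def sha1_signatures(data):
    """Return [(packet_index, sig_type)] for signatures hashed with SHA-1."""
    hits = []
    for idx, (tag, body) in enumerate(iter_packets(data)):
        if tag != SIG_TAG or len(body) < 4:
            continue
        if body[0] == 4:                    # v4: version, type, pk algo, hash algo
            sig_type, hash_algo = body[1], body[3]
        elif body[0] == 3 and len(body) >= 17:   # v3: hash algo at offset 16
            sig_type, hash_algo = body[2], body[16]
        else:
            continue
        if hash_algo == SHA1:
            hits.append((idx, sig_type))
    return hits

# Constructed sample (not a real key): dummy public-key packet, a v4
# positive certification using SHA-1, and a v4 subkey binding using SHA-256.
SAMPLE = bytes.fromhex("c603040000" "880404130102" "c20404180108")
```

A non-empty result from `sha1_signatures()` is the condition a validation script would turn into an error.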