Generate new signing keys

[paragonie-scott]

The original signing keys were generated before Argon2i support was merged. I should generate a new keypair and update the corresponding public keys.

[paragonie-scott]

Why this hasn't been done yet:

1. I need to take the time to carefully update libsodium for the airgapped machine.
2. I need to memorize two new high security passwords to the point that I can reliably recall them from memory after a week of not using them.
3. I need to generate two new salts (easy).

[kmark]

This may be off topic for this issue but what is the procedure in the event you forgot a password? Would it make sense to have well defined procedures in the unfortunate event there's some kind of breakdown in protocol or other form of trust chain compromise?

[paragonie-scott]

That's why we have two passwords/keys.

The backup is only known by me and the CEO (in case, e.g. I have head
trauma), but the day to day one is only known by me. The backup one should
only be used to sign new regular-use keys. If this is ever violated, assume
NSL or worse.
On Apr 9, 2016 12:49 AM, "Kevin Mark" notifications@github.com wrote:

This may be off topic for this issue but what is the procedure in the
event you forgot a password? Would it make sense to have well defined
procedures in the unfortunate event there's some kind of breakdown in
protocol or other form of trust chain compromise?

—
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub
#6 (comment)

[kmark]

Great, thanks for the clarification.

[paragonie-scott]

This has been done, I just need to copy the public keys over.

[paragonie-scott]

Redoing this with Halite 2.1.0 so I can use SENSITIVE for the key derivation. Expect a public key update tonight.