Update SECURITY.md: add the signing pubkeys

This commit is contained in:
Jeroen 2022-08-23 11:34:24 +02:00
parent 9d20b0e80f
commit 14bd528654
Signed by: jeroen
GPG Key ID: 7C7028F783798BAB
2 changed files with 52 additions and 1 deletions

View File

@ -28,10 +28,10 @@ This Gitea instance is configured following best practices, in order to thwart l
- Backups are made every 24 hours, using a 'pull mechanism'. This server does **NOT** have access to the backup repository. - Backups are made every 24 hours, using a 'pull mechanism'. This server does **NOT** have access to the backup repository.
- SSH is hardened (PKI authentication, MFA via hardware tokens). - SSH is hardened (PKI authentication, MFA via hardware tokens).
- SSH ciphers are hardened, these are in use: - SSH ciphers are hardened, these are in use:
``` ```
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
``` ```
- The GPG public keys can be found in `signing-keys/`

51
signing-keys/jeroen.asc Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBFsdUUYBEACpGR9kCc1FrZvUE6ocew2Eo5jfE7JaZs3PAbp33tfIObdVvdfi
Iwt4efYd9gZi6Yyg7IowCWXQ+kV8eyPRfl0iOXK9K0WZz7DJxd/Ew9X2/YqT0o0q
7AELpV0GZaAcXqTgt9oBBc62b5dFedibvLSuTQ6xJ6un+0OrMp9UhtvZPtsW/tle
U8b1yY6LZw4wUGo7wltrxU/RCc9oU2M4N8e7W53i4SEtxd5qFrOMa9dOBNBm4rps
yzAZMkb5+ZcqOh5Voq9hS1GDslTIIVTIq+nC2uZrYnWoY0lZTB3T3MM7eafaglS8
Khy57ee2wJVZDsOB2N0GdcUxyf3ilBS+y5mCBCoRlitdZGR+FEjDan8xngfU+kgd
SIsiogri/5u+RjXIO/+YILqTra5vBTrPauqGY145+embl5+UOYeuaYlW/+zTp1Q0
J2zAshaJXGJyftykCV+0gIktfJsUvE+8UPmaDpXWvUSHb2CjY60uEKr2iroKbJ3j
IK8HRetuyYy3099c4IMyKcuLP8hXRwccTQHdRoKxvyb46kveA7Qk22l58k/B8skO
tybqzBbPpwx8UmMjCaFfam4wd+b8abuAKy3Otp8MKTKf2Ajs0e2SmNHFObdZR8YS
G2KXlqIhKBy9mYpOKhVL0Jeeco3tE0S4twbrhY9oiJaPBQoWZkXY+bQlUQARAQAB
zSJKZXJvZW4gdmFuIExBWUxPIDxqZXJvZW5AbGF5bG8uaW8+wsF4BBMBCgAiBQJb
HVFGAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRB8cCj3g3mLqz/9D/0e
tvNQIIZ+JYTP/0qBpxktJVdLlVVpLQVl7l4axb2skKRj54KS2MEZsoUHS5O2P+7C
UJdDRKHBTWcA2PW4vjtJ3bc6JOENmHM6Ntt5Y1mcALGofDHz0cma/bb3pEZrcQub
NRrsSdEFu7ZD1n8UKF0UBW/24JFvQ5qfvcLWw9//ZQ6OhkZoHenMs0d8IXwUYsZC
BImCXiZJLdIqS9ESkfhm8l2zBQwFj+w/M4HeL9jD2kiIvMuaM11nHa8/15sdHrWE
fSN+aqc11X/fuFb/6ya48AsLIvF7wkA/B0c3delo0wwJISm9F/0pbbkPWbhDbxws
DB2ejGx6l/oP39+4NiAfq2Qf+RdOwOm7+ZtxdiIJe3qoJRHSULd8R4x5jmfxhH+i
0/T2EKyT+8mgc0H6GRC+3PTas7EEOs8WCgPkwjVqoETPZlwtpwBkY4REo+TjELoS
ar2ADwe+lpi8Qy9EGJcn/y+5sVmZx7q6aJ96ZnNrhRPuhlX+39NFATe4r13BNI3n
i3TCsUcsyk7cHpit/flP6z8I62UxfTzpCA/u4MOtWsJvNU+7R3MI6osFg+9c0Ti2
vNtlmrjWIumQaDJMHeYpLs0aENMsL2UtUvsRb6M5oJgZ9RIq2709/qLWGswj34ki
Dr8UhpITV4QxjzEMJ+3zM6BhqUKFWosDVa58jtSkrM7BTQRbHVFGARAA3bcX++gH
m+sR3JxeHGBpFCl2X8P/QLR+mYgp5/GBxgzkKKGN4f7jPzteK6QyMR+VvmZcR3Ea
K0UVROw71wN1kNKFxOt8rQ5Wup+KaOsOaC4vZWXOrMx8FtrfZfewAIFJStUZbu/P
RnSk0kQ++TpTtkmzjTseY35KJyo8NwxBZcduoKrp3Ur+k2awXrRQ90ENJUZW2hW0
cdxJi2ETjSES+FL8ig/C92bk0Da3YqEUk20SGEtJ2wbuQ9BKRk/itcH+oUUriaEy
tABy5n6jmSoHe2L/LnjiHNDIa+zDxvpcjMz11RuSLfXaKwFIW/8TguNCDf7WkNae
T1kb9UwiSqf/2Z+pmxAcGxmvOYMQ4xImg7GwY5k+W9dn7slDEwHeNdLdpCKobSBW
vk7QY+yU8Ubq2O1+Sn+KdYaz7kPFxGAzYFq1+YNHY+40mcJSZpqAK8NAI8wEg/Ju
R8RKYAW/Bdv9zyTnQ7+OHVaj7YsZJGOte4LdfIwoY1t+0zhPjVSSJF5wWDLKPcJ9
dLTK0+L9Dx+0vhTlPkvUqN7RA4THccafR4UONzklohGH+zTOxAZTcQ+jRCv6p6qC
3opmBl3hnv2w0rNXCj20Mp4QhLt+ZPoyn1tDyQHB9Xmo/l7PKX79P1RxC3aVX5EW
6y+Sp6iCt/vxIjr7eQDV5X1WAtjmPosgov8AEQEAAcLBXwQYAQoACQUCWx1RRgIb
DAAKCRB8cCj3g3mLqwMRD/9pDT2kt9y9ags3px0jpeQhxuzsPaB3V4nhkZJxkE8N
ujhzOz8OhGnzG4I0Lwenfdvwp99p4V9Lf2H/93MKlxp6INWDpz0QTBbhfiNxHP/1
Wxi2ozfzH1MjYC+08k1ry8yzeNm2e+V92vdwCT2a7acwZVIpxXfnMnj+2fyKwLtS
LUHsiKtE3v5WZ3tFsO0f8NKLc5xD7D0j8P5PAzuvgtPhQOshFtMLVX9P5zEY49tO
+i1S0gdQoMlKEXORhEbHHWbhDOfifUFl+50VYKB8dJxhQR+EDrGgYO3OwoZs54h2
2OYMue3D9Xe/0G5jpQdJpyEwk38CTz1zdjyyCyfA0IEQgw/9/oPghfLt55c4HSOL
8ALI4D3xEFPZV4HNkR/sXlaDuSF4yDECxhYRXDphTG3v3dXuNgYEwxoutIPPOPOJ
ZamMl1CgpXtp9olSi08SlQ6e0jpDXHVOMa+6ombcgC+gJdoGAjQUFgmg0qBN6jR3
fR2tPnS2bmGcjaQa986g0f+FC66GqU3t1wg+zwNM6hscOIt89rrrRls6df+gy4+N
LSWy8XX/N+QLc4A/85nb0PvEu0Ng6xIl2rW3PALMCAygecrMJNoje51OqgnIR3Gh
y+qMo24vmqFsFglUTDTHrKWE5LJCERzOkidGiTMvFKAiCOtfeBBgbdIpgoHk86Bm
hg==
=gqEU
-----END PGP PUBLIC KEY BLOCK-----