Generate a new long-term offline signing key
Our current long-term offline key is quite old (which also has benefits). It would be great if we could rotate that. Ideally, that could be an ECC one.
Challenges:
- How do we handle the transition period for (the very few) users verifying IMGs manually?
- Note: such users have trouble keeping their copy of our signing key updated (e.g. they regularly ask Help Desk about verification failure due to expired subkeys).
- How do we handle the transition period for Tails Upgrader?
- Ship both keys in they Upgrader's keyring
- UDFs for N+1.x: signed with new key
- UDFs for N.x: signed with old key
This work is a superset of what we do when we update the signing key and generate new signing subkeys, which requires hardware and release managers, e.g. tails/tails#19273.
Edited by intrigeri