|
| 1 | +--- |
| 2 | +title: "Homebrew's new git signing key" |
| 3 | +author: woodruffw |
| 4 | +--- |
| 5 | + |
| 6 | +Over the next few days, Homebrew's repositories will begin to transition |
| 7 | +from PGP-based signing to SSH-based signing for [@BrewTestBot] commits. |
| 8 | + |
| 9 | +As part of this change, we will be rotating our [@BrewTestBot]'s key. |
| 10 | +This rotation should not affect most users, but you may notice |
| 11 | +it if you currently manually verify `git` commits from |
| 12 | +[Homebrew/brew], [Homebrew/homebrew-core], or similar. |
| 13 | + |
| 14 | +Once all repositories have been transitioned, we will revoke |
| 15 | +the old PGP key to prevent unintended future use: |
| 16 | + |
| 17 | +* Main key: `3C76C3F1E573FA9E` |
| 18 | +* Signing subkey: `82D7D104050B0F0F` |
| 19 | + |
| 20 | +The new SSH signing key has the following public half: |
| 21 | + |
| 22 | +``` |
| 23 | +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0QzQJ6gl6Yxru0QrSaDRNatiHajcKxDu9lxQrFl8Nw |
| 24 | +``` |
| 25 | + |
| 26 | +Users can also discover this signing key programmatically through GitHub's |
| 27 | +REST API: |
| 28 | + |
| 29 | +``` |
| 30 | +$ gh api /users/BrewTestBot/ssh_signing_keys |
| 31 | +[ |
| 32 | + { |
| 33 | + "id": 475371, |
| 34 | + "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0QzQJ6gl6Yxru0QrSaDRNatiHajcKxDu9lxQrFl8Nw", |
| 35 | + "title": "BREWTESTBOT_SSH_SIGNING_KEY", |
| 36 | + "created_at": "2025-02-03T17:50:27.377+01:00" |
| 37 | + } |
| 38 | +] |
| 39 | +``` |
| 40 | + |
| 41 | +[@BrewTestBot]: https://github.com/BrewTestBot |
| 42 | +[Homebrew/brew]: https://github.com/Homebrew/brew |
| 43 | +[Homebrew/homebrew-core]: https://github.com/Homebrew/homebrew-core |
0 commit comments