[pve-devel] [TurnKey Linux] Looking to update our signing key... Advice?

[Jeremy Davis <jeremy@turnkeylinux.org>]

[-- Attachment #1.1: Type: text/plain, Size: 1287 bytes --]

Hi,

Apologies in advance if this is not the right place to post this. Please 
redirect me to the appropriate forum if not. I'm also happy to discuss 
off list if that is deemed more appropriate.

My name is Jeremy and I work with TurnKey Linux.

As a housekeeping matter, we're looking to update our GPG signing key - 
that we sign the index file we provide for downloading our LXC templates 
via the PVE UI (which includes hashes of our templates).

The current key recently expired (caught us a bit unawares). We updated 
the expiry to keep it alive. And it doesn't seem to have caused any 
issues (at least not in my local PVE servers).

However, the key is quite old and doesn't have current best practice 
size (RSA-4098 AFAIK?). So I'd like to rotate it.

I was hoping that someone with some authoritative knowledge of the 
relevant PVE components would be willing to give me some guidance on the 
process (not generating the key itself, just the PVE integration 
specific bits). Hopefully that can ensure that key rotation causes 
minimal disruptions to users.

Also if there are any specific PVE recommendations/requirements re the 
new GPG keypair to generate, that would also be great.

Thanks in advance.

Regards,
Jeremy Davis
TurnKey Linux

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]