stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

blockers 2

Browse Source
This commit is contained in:
StellaOps Bot
2025-11-23 16:57:18 +02:00
parent cce96f3596
commit 7768555f2d
17 changed files with 220 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/airgap/time-anchor-trust-roots.md
View File

@@ -41,3 +41,8 @@ Provides a minimal, deterministic format for distributing trust roots used to va
## Next steps
- Replace placeholder values with production Roughtime public keys and TSA certificates once issued by Security.
- Add regression tests in `StellaOps.AirGap.Time.Tests` that load this bundle and validate sample tokens once real roots are present.
- CI/Dev unblock: you can test end-to-end with a throwaway root by:
1. Generate Ed25519 key for Roughtime: `openssl genpkey -algorithm Ed25519 -out rtime-dev.pem && openssl pkey -in rtime-dev.pem -pubout -out rtime-dev.pub`.
2. Base64-encode the public key (`base64 -w0 rtime-dev.pub`) and place into `publicKeyBase64`; set validity to a short window.
3. Point `AirGap:TrustRootFile` at your edited bundle and set `AirGap:AllowUntrustedAnchors=true` only in dev.
4. Run `scripts/mirror/verify_thin_bundle.py --time-root docs/airgap/time-anchor-trust-roots.json` to ensure bundle is parsable.