Skip to content

Pin cold recovery-authority key (rec-v1)#22

Merged
TeoSlayer merged 1 commit into
mainfrom
feat/pin-recovery-key
Jun 21, 2026
Merged

Pin cold recovery-authority key (rec-v1)#22
TeoSlayer merged 1 commit into
mainfrom
feat/pin-recovery-key

Conversation

@TeoSlayer

Copy link
Copy Markdown
Contributor

Pins the production cold recovery key (rec-v1) in the SEPARATE recovery keyring, enabling identity-based node recovery to be verified offline. Private half lives only in Cloud KMS (key ring pilot-recovery/recovery-authority, Ed25519, non-exportable), with signing locked to the sole custodian — distinct from the badge issuer key, preserving the two-key separation (a badge-key compromise can't forge a recovery).

  • Pinned value is the public key (EGQ7…); still ldflags-overridable for rotation.

Tests

  • TestPinnedRecoveryGoldenVector: a real gcloud kms asymmetric-sign signature over a canonical recovery statement verifies against the pin (baked-in vector, no KMS at test time).
  • TestRecoveryKeyPinned: rec-v1 present, non-zero, and DISTINCT from the badge issuer key.
  • go test -race ./... green (15 pkgs); gofmt clean. Replaces the obsolete placeholder test.

@codecov

codecov Bot commented Jun 21, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@TeoSlayer TeoSlayer merged commit 7c64b79 into main Jun 21, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants