- Add Sigsum transparency log support. See https://sigsum.org/
- Remove vendor signing with vendor keys and instead uses the Sigsum key pair. Vendor key support is retained for verification.
- Introduce lifetime of vendor keys, but limited to Sigsum submit keys.
- Split out verification by end user to its own program: tkey-verify.
- Introduce new program: tkey-sigsum-submit.
- Lots of refactoring, again.
- Include new signer app, signer-tkey-verification1, built from https://github.com/tillitis/tkey-device-signer without touch. This version supports both the older Bellatrix and the upcoming Castor TKeys.
- Bump Go package tkeyclient to v1.2.0
- Change license to BSD-2-Clause.
This version brings a lot of refactoring, aiming at simplifying building and program structure. Only the major changes will be mentioned here, see complete changelog for more details.
Changes:
- Refactoring, giving a new way of accessing internal assets, making it more idiomatic
- Signer binaries are now checked in to the repo under cmd/tkey-verification/bins
- Verisigner-0.0.3 is deprecated, but buildable from older tags
- New signer app included, signer-v1.0.1, built from tkey-device-signer without touch
- Support multiple vendor signing keys
- Earlier
show-pubkeyprogram is now a command in tkey-verification - Use tkeyclient instead of internal pkg
- Use tkeysign instead of internal pkg
- Refine errors to present more sensible errors to users of the verify command
- Pointing to tillitis.se/verify if an error occur when verifying a TKey, with explanations to common errors
- Use GoReleaser for release building
- Enable CGO for Darwin, to find the port automatically
- Add
--speedflag to support multiple baudrates
Update to include new TKey product revision from Tillitis which is based on the FPGA design and bitstream in release:
https://github.com/tillitis/tillitis-key1/releases/tag/TK1-24.03
In this second release we ensure that the published executable binaries can be reproduced, see README.md in the repository.
Verifying your TKey in a few simple steps:
-
download the suitable
tkey-verificationbinary for your platform -
rename the file to
tkey-verification(add.exeon Windows, on other platforms run:chmod +x ./tkey-verification) -
plug in your TKey
-
In a terminal on Linux, or in PowerShell on Windows, you can run the verification with:
./tkey-verification verify -
On MacOS, automatic detection of the serial port is currently not available. You have to first list the serial port devices with:
ls -l /dev/cu.*The TKey device name looks like “/dev/cu.usbmodemN” where N is a number. Now you can run the verification like:
./tkey-verification verify --port /dev/cu.usbmodemN
The default operation of tkey-verification requires Internet
connectivity to download the verification data on the machine where
you plug in your TKey. But it is also possible to run the verification
on a machine that does not have connectivity, by first downloading the
verification data on a machine which does. See tkey-verification verify --help for more information.
After processing the data and talking to your TKey, expect a final
message saying TKey is genuine!.
This is the first release of the tool for Tillitis signing and you verifying that your TKey is genuine.
Verifying your TKey in a few simple steps:
- download the suitable
tkey-verificationbinary for your platform - rename the file to
tkey-verification(add.exeon Windows; dochmod +x ./tkey-verificationon other platforms) - plug in your TKey
- execute this command in your terminal:
./tkey-verification verify(without ./ on Windows)
The default operation of tkey-verification requires Internet
connectivity to download the verification data on the machine where
you plug in your TKey. But it is also possible to run the verification
on a machine that does not have connectivity, by first downloading the
verification data on machine which does. See tkey-verification verify --help for more information.
After processing the data and talking to your TKey, expect a final
message saying TKey is genuine!.