
What would an actual secure workflow for signing artifacts look like?

I'm thinking: Final round of "code review" by security engineer on high-security single-purpose device, build artifact on that device, sign using hardware security module.

I put "code review" in scare quotes because code changes are potentially expensive at this point. For minor issues, turn to your standard workstation and file an issue for next release. For a major security problem, call off the release.
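An added example (not from this thread) of the last step of the workflow above, build on the device and sign with an HSM, written in Go: the HSM is stood in for by an in-memory Ed25519 key behind Go's `crypto.Signer` interface, which is the same interface PKCS#11-backed HSM keys expose, so only the key behind `signer` changes on a real signing station. The artifact bytes, file name and manifest layout are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest ships next to the artifact: what was signed, its digest, and the
// signature made on the signing station over name + NUL + digest.
type Manifest struct {
	Name      string
	SHA256    string // hex SHA-256 of the artifact bytes
	Signature []byte
}

func manifestBytes(name, digest string) []byte { return []byte(name + "\x00" + digest) }

// SignArtifact runs on the offline signing station. The private key is never
// handled here; signer (an HSM key in production) only returns a signature.
func SignArtifact(signer crypto.Signer, name string, artifact []byte) (Manifest, error) {
	sum := sha256.Sum256(artifact)
	digest := hex.EncodeToString(sum[:])
	// crypto.Hash(0) selects pure Ed25519 over the message (no prehash).
	sig, err := signer.Sign(rand.Reader, manifestBytes(name, digest), crypto.Hash(0))
	if err != nil {
		return Manifest{}, err
	}
	return Manifest{Name: name, SHA256: digest, Signature: sig}, nil
}

// VerifyArtifact runs wherever the artifact is consumed and needs only the
// public key: first the manifest signature, then the artifact against the
// signed digest, so a swapped artifact or an edited manifest both fail.
func VerifyArtifact(pub ed25519.PublicKey, m Manifest, artifact []byte) error {
	if !ed25519.Verify(pub, manifestBytes(m.Name, m.SHA256), m.Signature) {
		return errors.New("manifest signature invalid")
	}
	if sum := sha256.Sum256(artifact); hex.EncodeToString(sum[:]) != m.SHA256 {
		return errors.New("artifact does not match signed digest")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stand-in for the HSM key
	artifact := []byte("constructed sample release build v1.2.3")
	m, _ := SignArtifact(priv, "app-v1.2.3.tar.gz", artifact)
	fmt.Println("genuine:", VerifyArtifact(pub, m, artifact))
	fmt.Println("tampered:", VerifyArtifact(pub, m, []byte("tampered build")))
}
```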

One guy named Jeff and his boss Clem have access to an offline PC with some signing software in a closet behind a badged door. Not TEMPEST secure unless they have govt contracts. For hardware stuff it might be at the factory.


Thanks, interesting.

I don't see how TEMPEST is relevant?


I mean, if you don't want state actors to steal your super secret keys, maybe secure the power lines and RFI.


I searched on Google for RFI, not sure what it stands for?


I believe that RFI here is "RF interference." Here are links to learn more about the references above [1] [2].

[1] https://en.wikipedia.org/wiki/Tempest_(codename)

[2] https://en.wikipedia.org/wiki/Van_Eck_phreaking


Yep. It is pretty trivial to extract encryption keys via either control of voltage or detection of electromagnetic radiation emanating from a server.
