Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Asfaload Concepts

This document introduces concepts and terminology as used by the Asfaload project.

Individual signature

The signature generated by a user controlling an Asfaload keypair.

Multisig system

A system defining the combination of individual signatures from pre-defined groups of signers, each group specifying a threshold of participants as a completeness criteria.

Aggregate signature

A group of individual signature in the Asfaload Multisig system. An aggregate signature is pending until its completeness criteria is met, at which time it transition to complete. This completeness criteria is dependent on the group and the operation the aggregate signature is applied to.

Signers file

The signers file is a json document that defines multiple role-based groups of signers, such as artifact_signers, admin_keys, revocators, master_keys. Only the artifact_signers group is mandatory: to enable easy setup in simple environments, there are groups fallbacks if not all of these are defined. Each group has a specific purpose: artifact_signers applies to normal operations (e.g. release signing), while others apply to specific operations.

Groups

Artifact signers

List the public keys of the signers authorised and expected to sign an artifact, for example a Github Release.

Admin keys

Lists the public keys of signers authorised to update the signers file.

Revocators

List public keys of signers authorised to revoke an aggregate signature. The aggregate signature can be pending, in which case it cannot be completed anymore, or complete, in which case it is rendered obsolete.

Master keys

These keys cannot be present in another group, and they are meant to be used in emergency operations when admin keys are not usable. We encourage to keep these keys offline.