On Mon, Nov 03, 2025 at 12:41:14PM +0100, Jonas Rebmann wrote:
> Hi Sascha,
>
> On 2025-11-03 11:08, Sascha Hauer wrote:
> > On Tue, Oct 28, 2025 at 07:03:20PM +0100, Jonas Rebmann wrote:
> > > Merge the exemplary keys copied in from [1] into a single pem file,
> > > in a manner similar to test/self/development_rsa2048.pem for consistency
> > > and to reduce clutter a bit.
> > >
> > > While at it, rename them from "fit-" to "snakeoil-" as they are not only
> > > used for fit, but also for tlv integration tests, and to indicate more
> > > clearly that these are publicly known keys.
> >
> > Should we rather keep the "fit" name and add another key for tlv
> > integration tests?
>
> I'd rather not add more 'compromised' keys to the repo. What would be
> the gain?

My thinking was that with this we could make sure that during tests
actually a key from the desired keyring is used.

>
> I think naming it snakeoil gives it the warning it deserves. We should
> make it hard for anyone to confuse our CI/Development keys with their
> production keys.

Indeed. I just don't like the term "snakeoil" here. From wikipedia:

"Snake oil" is a term used to describe deceptive marketing, health care
fraud, or a scam.

We don't do anything like this here. We're not trying to sell snake oil.

I am open for something like "testing" or "development". Also we might
want to add a runtime message like:

"WARNING: This barebox binary contains well known keys and is unsecure"

Sascha

-- 
Pengutronix e.K.
Steuerwalder Str. 21, 31137 Hildesheim, Germany
http://www.pengutronix.de/
Phone: +49-5121-206917-0 | Fax: +49-5121-206917-5555
Amtsgericht Hildesheim, HRA 2686
