--- /dev/null
+#!/usr/bin/env bash
+
+cat <<EOT > signatures.txt
+---
+---
+LEDE Public Keys
+================
+
+== LEDE Public Keys
+
+This page lists the fingerprints of all public keys in use by the LEDE project
+and is automatically generated from the developer keys present in the
+https://git.lede-project.org/?p=keyring.git[keyring.git] repository.
+
+Refer to our link:signing.html[signing documentation page] to learn more about
+file verification and key generation.
+
+EOT
+
+mkdir -p "tmp.$$/gpg" || {
+ echo "Canot create temporary directory." >&2
+ exit 1
+}
+
+trap "rm -fr tmp.$$" INT TERM
+git clone https://git.lede-project.org/keyring.git "tmp.$$/git"
+
+
+cat <<EOT >> signatures.txt
+=== GnuPG key fingerprints
+
+GnuPG keys are mainly used to verify the integrity of firmware image downloads.
+
+Signature verification ensures that image downloads have not been tampered with
+and that the third-party download mirrors serve genuine content.
+
+EOT
+
+format_key() {
+ output=""
+
+ while read field rest; do
+ case $field in
+ uid)
+ output="User ID: $(echo "$rest" | sed -e 's/([^()]*) //; s/@/ -at- /; s/^\(.*\) </*\1* </') +\n$output"
+ ;;
+ pub|sub)
+ oIFS="$IFS"; IFS=" /]"; set -- $rest; IFS="$oIFS"
+ type="$1"; keyid="$2"; created="$3"; expires="$5"
+
+ case $field in
+ pub) output="${output}Public Key: " ;;
+ sub) output="${output}Signing Subkey: " ;;
+ esac
+
+ output="${output}*0x$keyid* ("
+
+ case $type in
+ *[rR]) output="${output}${type%[rR]} Bit RSA" ;;
+ *[dD]) output="${output}${type%[dD]} Bit DSA" ;;
+ *[gG]) output="${output}${type%[gG]} Bit ElGamal" ;;
+ esac
+
+ output="${output}, created $created${expires:+, expires $expires}) +\n";
+ ;;
+ Key)
+ fingerprint="${rest##* = }"
+ output="${output}Fingerprint: +$fingerprint+ +\n"
+ ;;
+ esac
+ done
+
+ printf "$output"
+}
+
+grep -rE "^Comment: " "tmp.$$/git/gpg"/*.asc | \
+sed -e 's!^\([^:]*\):Comment: \(.*\)$!\2|\1!' | \
+sort | \
+while read line; do
+ keyfile="${line##*|}"
+ comment="${line%|*}"
+
+ keyid=$(gpg --status-fd 1 --homedir "tmp.$$/gpg" --import "$keyfile" 2>/dev/null | \
+ sed -ne 's!^.* IMPORTED \([A-F0-9]\+\) .*$!\1!p')
+
+ relfile="gpg/${keyfile##*/gpg/}"
+ modtime="$(cd "tmp.$$/git/"; git log -1 --format="%ci" -- "$relfile")"
+
+ {
+ cat <<-EOT
+ ---
+
+ ==== $comment
+ $(gpg --homedir "tmp.$$/gpg" --fingerprint --fingerprint "$keyid" 2>/dev/null | format_key)
+
+ [small]#https://git.lede-project.org/?p=keyring.git;a=history;f=$relfile[Last change: $modtime] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=$relfile[Download]#
+
+ EOT
+ } >> signatures.txt
+done
+
+cat <<EOT >> signatures.txt
+=== _usign_ public keys
+
+The _usign_ EC keys are used to sign repository indexes in order to ensure that
+packages fetched and installed via _opkg_ are unmodified and genuine.
+
+Those keys are usually installed by default and bundled as
+https://git.lede-project.org/?p=source.git;a=tree;f=package/system/lede-keyring[lede-keyring]
+package.
+
+EOT
+
+grep -rE "^untrusted comment: " "tmp.$$/git/usign"/[a-f0-9]* | \
+sed -e 's!^\([^:]*\):untrusted comment: \(.*\)$!\2|\1!' | \
+sort | \
+while read line; do
+ keyfile="${line##*|}"
+ comment="${line%|*}"
+
+ relfile="usign/${keyfile##*/usign/}"
+ modtime="$(cd "tmp.$$/git/"; git log -1 --format="%ci" -- "$relfile")"
+
+ {
+ cat <<-EOT
+ ---
+
+ ==== $comment
+ * Key-ID: +${keyfile##*/}+
+ * Key-Data: +$(grep -vE "^untrusted comment: " "$keyfile")+
+
+ [small]#https://git.lede-project.org/?p=keyring.git;a=history;f=$relfile[Last change: $modtime] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=$relfile[Download]#
+
+ EOT
+ } >> signatures.txt
+done
+
+rm -fr "tmp.$$"
--- /dev/null
+---
+---
+LEDE Public Keys
+================
+
+== LEDE Public Keys
+
+This page lists the fingerprints of all public keys in use by the LEDE project
+and is automatically generated from the developer keys present in the
+https://git.lede-project.org/?p=keyring.git[keyring.git] repository.
+
+Refer to our link:signing.html[signing documentation page] to learn more about
+file verification and key generation.
+
+=== GnuPG key fingerprints
+
+GnuPG keys are mainly used to verify the integrity of firmware image downloads.
+
+Signature verification ensures that image downloads have not been tampered with
+and that the third-party download mirrors serve genuine content.
+
+---
+
+==== LEDE GnuPG key for unattended build jobs
+User ID: *LEDE Build System* <lede-adm -at- lists.infradead.org> +
+Public Key: *0x626471F1* (4096 Bit RSA, created 2016-07-26) +
+Fingerprint: +54CC 7430 7A2C 6DC9 CE61 8269 CD84 BCED 6264 71F1+ +
+Signing Subkey: *0x8B699029* (4096 Bit RSA, created 2016-07-26) +
+Fingerprint: +6D92 78A3 3A9A B314 6262 DCEC F935 25A8 8B69 9029+ +
+
+[small]#https://git.lede-project.org/?p=keyring.git;a=history;f=gpg/626471F1.asc[Last change: 2016-07-26 15:54:36 +0200] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=gpg/626471F1.asc[Download]#
+
+---
+
+==== Public key of Álvaro Fernández Rojas
+User ID: *Álvaro Fernández Rojas* <noltari -at- gmail.com> +
+Public Key: *0xAA382EC1* (4096 Bit RSA, created 2016-04-16) +
+Fingerprint: +5155 F5AE EACC 0C33 E8A3 6F2A 9E2A DB5C AA38 2EC1+ +
+Signing Subkey: *0xA7DCDFFB* (4096 Bit RSA, created 2016-04-16, expires 2018-04-16) +
+Fingerprint: +FB89 4037 B454 05CA 95EE 34DC 9712 EBC9 A7DC DFFB+ +
+
+[small]#https://git.lede-project.org/?p=keyring.git;a=history;f=gpg/A7DCDFFB.asc[Last change: 2016-04-16 11:59:03 +0200] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=gpg/A7DCDFFB.asc[Download]#
+
+---
+
+==== Public key of John Crispin
+User ID: *John Crispin* <john -at- phrozen.org> +
+Public Key: *0x34E5BBCC* (4096 Bit RSA, created 2016-04-14) +
+Fingerprint: +B4DE 4970 B205 473D 26CD 818F 9E8F 1F29 34E5 BBCC+ +
+Signing Subkey: *0x49785F4F* (4096 Bit RSA, created 2016-04-14, expires 2018-04-14) +
+Fingerprint: +AA98 B891 5121 33A3 CD28 BB4A 3D8B E4EB 4978 5F4F+ +
+
+[small]#https://git.lede-project.org/?p=keyring.git;a=history;f=gpg/34E5BBCC.asc[Last change: 2016-04-14 14:40:54 +0200] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=gpg/34E5BBCC.asc[Download]#
+
+---
+
+==== Public key of Jo-Philipp Wich
+User ID: *Jo-Philipp Wich* <jo -at- mein.io> +
+Public Key: *0x612A0E98* (4096 Bit RSA, created 2016-04-05) +
+Fingerprint: +69B2 6A27 62D0 65E6 6F59 6755 C76F DE50 612A 0E98+ +
+Signing Subkey: *0x1584F206* (4096 Bit RSA, created 2016-04-05, expires 2018-04-05) +
+Fingerprint: +A8B2 D538 69A3 E72D 1392 3D8F 2D87 FF6E 1584 F206+ +
+
+[small]#https://git.lede-project.org/?p=keyring.git;a=history;f=gpg/612A0E98.asc[Last change: 2016-04-05 19:03:17 +0200] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=gpg/612A0E98.asc[Download]#
+
+---
+
+==== Public LEDE key of Ted Hess
+User ID: *Ted Hess* <thess -at- kitschensync.net> +
+Public Key: *0x12D89000* (4096 Bit RSA, created 2016-04-26) +
+Fingerprint: +C2C9 C93B F477 5C11 D4F6 617C 9C46 FAFC 12D8 9000+ +
+Signing Subkey: *0x8A1617C4* (4096 Bit RSA, created 2016-04-26, expires 2018-04-26) +
+Fingerprint: +021D 623A 818E E4D3 D1AC 6041 3146 4E53 8A16 17C4+ +
+
+[small]#https://git.lede-project.org/?p=keyring.git;a=history;f=gpg/12D89000.asc[Last change: 2016-04-26 14:18:19 -0400] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=gpg/12D89000.asc[Download]#
+
+=== _usign_ public keys
+
+The _usign_ EC keys are used to sign repository indexes in order to ensure that
+packages fetched and installed via _opkg_ are unmodified and genuine.
+
+Those keys are usually installed by default and bundled as
+https://git.lede-project.org/?p=source.git;a=tree;f=package/system/lede-keyring[lede-keyring]
+package.
+
+---
+
+==== LEDE usign key for unattended build jobs
+ * Key-ID: +b5043e70f9a75cde+
+ * Key-Data: +RWS1BD5w+adc3j2Hqg9+b66CvLR7NlHbsj7wjNVj0XGt/othDgIAOJS++
+
+[small]#https://git.lede-project.org/?p=keyring.git;a=history;f=usign/b5043e70f9a75cde[Last change: 2016-04-30 18:58:47 +0200] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=usign/b5043e70f9a75cde[Download]#
+
+---
+
+==== LEDE usign key of Álvaro Fernández Rojas
+ * Key-ID: +9ef4694208102c43+
+ * Key-Data: +RWSe9GlCCBAsQwI5+wztnWKHfBlvPFP2G00FvZyx+Wfv9AwSViUwo/s2+
+
+[small]#https://git.lede-project.org/?p=keyring.git;a=history;f=usign/9ef4694208102c43[Last change: 2016-04-16 11:58:31 +0200] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=usign/9ef4694208102c43[Download]#
+
+---
+
+==== LEDE usign key of John Crispin
+ * Key-ID: +dd6de0d06bbd3d85+
+ * Key-Data: +RWTdbeDQa709heyMmwDZjWmlhcTCUv/q+3TBYDPdJAGRuys6xcxE09fp+
+
+[small]#https://git.lede-project.org/?p=keyring.git;a=history;f=usign/dd6de0d06bbd3d85[Last change: 2016-04-14 14:44:03 +0200] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=usign/dd6de0d06bbd3d85[Download]#
+
+---
+
+==== LEDE usign key of Jo-Philipp Wich
+ * Key-ID: +72a57f2191b211e0+
+ * Key-Data: +RWRypX8hkbIR4FLhtx5pjXcAIsI1iPUIcI5bMG8jZoiCkrwTstECBPqL+
+
+[small]#https://git.lede-project.org/?p=keyring.git;a=history;f=usign/72a57f2191b211e0[Last change: 2016-04-05 19:18:02 +0200] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=usign/72a57f2191b211e0[Download]#
+
+---
+
+==== LEDE usign key of Ted Hess
+ * Key-ID: +dace9d4df16896bf+
+ * Key-Data: +RWTazp1N8WiWvy7rYxstJqaMzGiS4XfW1oyYrk2vwJMRBeBF+8xEA+EZ+
+
+[small]#https://git.lede-project.org/?p=keyring.git;a=history;f=usign/dace9d4df16896bf[Last change: 2016-04-26 14:22:18 -0400] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=usign/dace9d4df16896bf[Download]#
+