Add new build system signing key stored on Nitrokey 3A Mini dongle
This key is available only from Nitrokey 3A Mini (nk3) USB security key.
Only 3 such identical nk3 dongles were provisioned[1], one nk3 dongle is
going to be attached to the new buildbot master server, remaining two
nk3 dongles are going to be kept as a backup (ynezz, jow). GnuPG
master/secret keys are not available, only revocation certificate was
generated, just in case.
This new signing key 0x1D53D1877742E911 available only from those three
nk3 dongles was cross signed with 3 previous signing keys (snapshot,
21.02, 22.03):
pub
ed25519/0x1D53D1877742E911 2023-05-18 [C] [expires: 2033-05-15]
Key fingerprint = 8A8B C12F 46B8 36C0 F9CD B36F 1D53 D187 7742 E911
uid [ultimate] OpenWrt Build System (Nitrokey3) <contact@openwrt.org>
sig 3 0x1D53D1877742E911 2023-05-18 OpenWrt Build System (Nitrokey3) <contact@openwrt.org>
sig 0xCD84BCED626471F1 2023-05-18 OpenWrt Build System (PGP key for unattended snapshot builds) <pgpsign-snapshots@openwrt.org>
sig 0xCD54E82DADB3684D 2023-05-18 OpenWrt Build System (GnuPGP key for 22.03 release builds) <pgpsign-22.03@openwrt.org>
sig 0x88CA59E88F681580 2023-05-18 OpenWrt Build System (PGP key for 21.02 release builds) <pgpsign-21.02@openwrt.org>
sub
ed25519/0x2B0151090606D1D9 2023-05-18 [S] [expires: 2033-05-15]
Key fingerprint = 92C5 61DE 55AE 6552 F3C7 36B8 2B01 5109 0606 D1D9
sig 0x1D53D1877742E911 2023-05-18 OpenWrt Build System (Nitrokey3) <contact@openwrt.org>
nk3 dongle PIN is going to be available to all build infrastructure
admins (needed after server restarts), admin PIN, reset PIN and
revocation certificate to folks having backup key dongles (ynezz, jow).
Signed-off-by: Petr Štetiar <ynezz@true.cz>