Trust Registry

Emergency Revocations

1 recorded. Check the signing windows before trusting artifacts.

EMERGENCY Revocation — Ed25519 Key Compromise (Oct 2025)
Critical Emergency

Private key material detected in a dependency audit log during automated credential scanning.

Revoked: Oct 14, 2025 02:17 UTC
Affected keys: ed25519-2024-compromised
Affected window: Apr 1, 2024 – Oct 14, 2025
Replaced by: ed25519-2025-emergency-replacement
Verification advice: Artifacts signed by this key after 2025-08-22 (when the key was first exposed) should be re-verified or re-signed using the emergency replacement key.
Technical details
On 2025-10-14 at approximately 02:00 UTC, the automated credential scanner identified
Ed25519 private key material matching SHA256:zX7mQ2kN9wB4rT6vF1cH8dP3eA5oL0jU in a
cached dependency resolution log committed to an internal tooling repository on 2025-08-22.
The private key was captured incidentally by a verbose build tool audit mode. The tool
has been patched and audit log retention policies updated.
Mitigation steps
  • Key revoked immediately upon detection
  • Emergency replacement key generated offline and activated
  • All CI/CD pipeline configurations updated to emergency replacement key
  • Affected tooling repository cleaned; build tool patched
  • Audit log retention policy restricted to 7 days
  • Security postmortem completed 2025-11-01
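
A triage of artifact signatures against the revocation record above, as an added example that is not part of the registry's own tooling. The function names, action labels and sample manifest are assumptions; the window start and the exposure are taken as 00:00 UTC on their dates, and the signing time is assumed to come from a trusted source rather than from the signature itself.

```python
from datetime import datetime, timezone

UTC = timezone.utc

# Values from the revocation record above. The record gives only dates for the
# window start and the exposure, so 00:00 UTC is assumed for both.
REVOCATION = {
    "key_id": "ed25519-2024-compromised",
    "window_start": datetime(2024, 4, 1, tzinfo=UTC),
    "exposed_at": datetime(2025, 8, 22, tzinfo=UTC),
    "revoked_at": datetime(2025, 10, 14, 2, 17, tzinfo=UTC),
}

def triage(key_id, signed_at, record=REVOCATION):
    """Return the action for one signature (hypothetical helper).

    Assumption: signed_at comes from a source the key holder cannot alter,
    such as a timestamp authority or transparency log.
    """
    if signed_at.tzinfo is None:
        raise ValueError("signed_at must be timezone-aware")
    if key_id != record["key_id"]:
        return "not-covered"             # record says nothing about other keys
    if signed_at >= record["revoked_at"]:
        return "reject"                  # key was already revoked
    if signed_at >= record["exposed_at"]:
        return "re-verify-or-re-sign"    # the record's verification advice
    if signed_at >= record["window_start"]:
        return "in-window-pre-exposure"  # affected window, before the exposure
    return "outside-window"              # predates the affected window

def triage_manifest(entries):
    """Group (name, key_id, signed_at) tuples by triage action."""
    grouped = {}
    for name, key_id, signed_at in entries:
        grouped.setdefault(triage(key_id, signed_at), []).append(name)
    return grouped

# Constructed sample manifest; artifact names and timestamps are invented.
SAMPLE = [
    ("tool-1.4.0.tar.gz", "ed25519-2024-compromised", datetime(2024, 6, 3, 9, 0, tzinfo=UTC)),
    ("tool-1.9.2.tar.gz", "ed25519-2024-compromised", datetime(2025, 9, 30, 18, 5, tzinfo=UTC)),
    ("tool-1.9.3.tar.gz", "ed25519-2024-compromised", datetime(2025, 10, 14, 3, 0, tzinfo=UTC)),
    ("tool-2.0.0.tar.gz", "ed25519-2025-emergency-replacement", datetime(2025, 10, 15, 8, 0, tzinfo=UTC)),
]

if __name__ == "__main__":
    for action, names in triage_manifest(SAMPLE).items():
        print(f"{action}: {', '.join(names)}")
```
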

Administrative Revocations

Administrative Revocation — RSA-4096 Algorithm Deprecation
Medium

RSA-4096 retired as signing algorithm. All production signing migrated to Ed25519 per updated policy.

Revoked: Jun 1, 2023
Affected keys: rsa4096-2022-legacy