Trust Registry

Emergency Revocations

1 recorded. Review affected signing windows before trusting artifacts.

EMERGENCY Revocation — Ed25519 Key Compromise (Oct 2025)
Critical Emergency

Private key material detected in a dependency audit log during automated credential scanning.

Revoked: Oct 14, 2025 02:17 UTC
Keys affected: ed25519-2024-compromised
Affected window: Apr 1, 2024 – Oct 14, 2025
Replaced by: ed25519-2025-emergency-replacement
Verification advice: Artifacts signed by this key after 2025-08-22 (when the key was first exposed) should be re-verified or re-signed using the emergency replacement key.
Technical details
On 2025-10-14 at approximately 02:00 UTC, the automated credential scanner identified
Ed25519 private key material matching SHA256:zX7mQ2kN9wB4rT6vF1cH8dP3eA5oL0jU in a
cached dependency resolution log committed to an internal tooling repository on 2025-08-22.
The private key was captured incidentally by a verbose build tool audit mode. The tool
has been patched and audit log retention policies updated.
Mitigation steps
  • Key revoked immediately upon detection
  • Emergency replacement key generated offline and activated
  • All CI/CD pipeline configurations updated to emergency replacement key
  • Affected tooling repository cleaned; build tool patched
  • Audit log retention policy restricted to 7 days
  • Security postmortem completed 2025-11-01
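
The verification advice in this record can be applied to an artifact inventory as a triage pass. The following is an added example, not code from this registry: it sorts artifacts by signing key id and signing time against the dates in the record. The status names, the manifest layout and the sample rows are assumptions, and the signing time is assumed to come from a source the signer does not control, such as a build or transparency log.

```python
from datetime import datetime, timezone

# Key id, dates and times copied from the revocation record on this page.
REVOKED_KEY = "ed25519-2024-compromised"
WINDOW_START = datetime(2024, 4, 1, tzinfo=timezone.utc)
FIRST_EXPOSED = datetime(2025, 8, 22, tzinfo=timezone.utc)  # day granularity
REVOKED_AT = datetime(2025, 10, 14, 2, 17, tzinfo=timezone.utc)


def triage(key_id, signed_at):
    """Return a triage status for one artifact (status names are assumptions)."""
    if key_id != REVOKED_KEY:
        return "not-affected"
    if signed_at is None:
        # No trustworthy signing time: take the cautious branch of the advice.
        return "reverify-or-resign"
    if signed_at.tzinfo is None:
        raise ValueError("signing time must carry a UTC offset")
    if signed_at >= REVOKED_AT:
        return "reject"  # produced after the key was revoked
    if signed_at >= FIRST_EXPOSED:
        # The whole exposure day counts, since the record gives only a date.
        return "reverify-or-resign"
    if signed_at >= WINDOW_START:
        return "review-window"  # inside the affected window, before exposure
    return "outside-window"  # the record does not cover this; check by hand


def triage_manifest(entries):
    """Map artifact name -> status for (name, key_id, ISO-8601 time) rows."""
    result = {}
    for name, key_id, stamp in entries:
        when = datetime.fromisoformat(stamp) if stamp else None
        result[name] = triage(key_id, when)
    return result


# Constructed sample manifest; artifact names and times are made up.
SAMPLE = [
    ("tool-1.4.0.tar.gz", "ed25519-2024-compromised", "2024-06-03T10:00:00+00:00"),
    ("tool-1.9.2.tar.gz", "ed25519-2024-compromised", "2025-09-01T08:30:00+00:00"),
    ("tool-1.9.9.tar.gz", "ed25519-2024-compromised", "2025-10-14T02:17:00+00:00"),
    ("tool-2.0.0.tar.gz", "ed25519-2025-emergency-replacement", "2025-10-20T12:00:00+00:00"),
    ("tool-unknown.tar.gz", "ed25519-2024-compromised", None),
]

if __name__ == "__main__":
    for name, status in triage_manifest(SAMPLE).items():
        print(f"{status:20} {name}")
```

A timestamp embedded by the signer can be set to any value by whoever holds the key, so a "review-window" result is a prompt for review and not a clearance.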

Administrative Revocations

Administrative Revocation — RSA-4096 Algorithm Deprecation
Medium

RSA-4096 retired as signing algorithm. All production signing migrated to Ed25519 per updated policy.

Revoked: Jun 1, 2023
Keys affected: rsa4096-2022-legacy