{"id":39467044,"url":"https://github.com/3mdeb/3mdeb-secpack","last_synced_at":"2026-01-18T04:51:00.895Z","repository":{"id":39711095,"uuid":"170327655","full_name":"3mdeb/3mdeb-secpack","owner":"3mdeb","description":"3mdeb Security Pack","archived":false,"fork":false,"pushed_at":"2026-01-14T17:26:46.000Z","size":1250,"stargazers_count":9,"open_issues_count":14,"forks_count":8,"subscribers_count":8,"default_branch":"master","last_synced_at":"2026-01-14T21:33:03.284Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/3mdeb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-02-12T14:00:21.000Z","updated_at":"2026-01-14T17:26:48.000Z","dependencies_parsed_at":"2024-04-11T10:24:31.500Z","dependency_job_id":"6c219d88-f1e5-49d2-9e43-0908d9b39b1a","html_url":"https://github.com/3mdeb/3mdeb-secpack","commit_stats":{"total_commits":160,"total_committers":28,"mean_commits":5.714285714285714,"dds":0.63125,"last_synced_commit":"54fa77689bc43101a0cc8c436df30387bc35d00d"},"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"purl":"pkg:github/3mdeb/3mdeb-secpack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3mdeb%2F3mdeb-secpack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3mdeb%2F3mdeb-secpack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3mdeb%2F3mdeb-secpack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3mdeb%2F3mdeb-secpack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/3mdeb","download_url":"https://codeload.github.com/3mdeb/3mdeb-secpack/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3mdeb%2F3mdeb-secpack/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28530345,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T00:39:45.795Z","status":"online","status_checked_at":"2026-01-18T02:00:07.578Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-18T04:51:00.807Z","updated_at":"2026-01-18T04:51:00.876Z","avatar_url":"https://github.com/3mdeb.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 3mdeb Security Pack\n\nThis git repository was inspired  by the\n[Qubes Security Pack](https://github.com/QubesOS/qubes-secpack) and is a central\nplace for all security-related information about the 3mdeb projects. It includes\nthe following:\n\n* 3mdeb customers PGP keys (`customer-keys/`) - keys managed by 3mdeb on\n   behalf of our customers, typically we use those keys for binaries signing\n* Dasharo keys (`dasharo/`) - Dasharo Master Key used to sign Dasharo keys\n   related to market segments (Secure Firewall, Workstation), as well as\n   Dasharo market segment firmware release signing keys, to read more about\n   Dasharo visit [website](https://dasharo.com/) and\n   [documentation](https://docs.dasharo.com/)\n* 3mdeb PGP keys (`keys/`)\n    - `employees-keys` -  3mdeb employees keys signed according to org chart,\n     chain of signatures end with `owner-key` signature\n    - `master-key` - 3mdeb Master Key signs all keys dedicated to given purpose\n     e.g. Open Source Software Release Signing Key, Open Source Firmware\n     Release Signing Key and others\n    - `owner-key` - 3mdeb Owner Key\n* 3mdeb Open Source Firmware Master Key (`open-source-firmware/`) - key used\n   to sign firmware releases produced by 3mdeb\n* 3mdeb Open Source Software Master Key (`open-source-software/`) - key used\n   to sign software releases produced by 3mdeb\n* Supporting scripts (`scripts/`)\n\nThe files contained in this repository can be verified in two ways:\n\n* By verifying the git commit tags (`git tag -v`)\n* By verifying the detached PGP signatures, which are provided for the majority\n   of files included here\n\nAll the keys used by the 3mdeb projects, including the keys used to sign files\nand commits in this repository, are signed by the 3mdeb owner Piotr Król\n(`E0309B2D85A67E846329E34BB2EE71E967AA9E4C`, [keybase.io](https://keybase.io/pietrushnic)).\n\nEven though this key is also included in this repo, you should make sure to\nobtain the key fingerprint via some other channel, as you can be sure\nthat if you were getting a falsified 3mdeb Security Pack it would contain a\nfalsified owner key as well.\n\n# Adding new Master Key\n\n```shell\nuser@vault ~ % gpg --expert --full-gen-key --allow-freeform-uid\ngpg (GnuPG) 2.1.18; Copyright (C) 2017 Free Software Foundation, Inc.\nThis is free software: you are free to change and redistribute it.\nThere is NO WARRANTY, to the extent permitted by law.\n\nPlease select what kind of key you want:\n   (1) RSA and RSA (default)\n   (2) DSA and Elgamal\n   (3) DSA (sign only)\n   (4) RSA (sign only)\n   (7) DSA (set your own capabilities)\n   (8) RSA (set your own capabilities)\n   (9) ECC and ECC\n  (10) ECC (sign only)\n  (11) ECC (set your own capabilities)\nYour selection? 1\nRSA keys may be between 1024 and 4096 bits long.\nWhat keysize do you want? (3072) 4096\nRequested keysize is 4096 bits\nRSA keys may be between 1024 and 4096 bits long.\nWhat keysize do you want for the subkey? (3072) 4096\nRequested keysize is 4096 bits\nPlease specify how long the key should be valid.\n         0 = key does not expire\n      \u003cn\u003e  = key expires in n days\n      \u003cn\u003ew = key expires in n weeks\n      \u003cn\u003em = key expires in n months\n      \u003cn\u003ey = key expires in n years\nKey is valid for? (0) 5y\nKey expires at Mon 02 Feb 2026 01:28:36 PM CET\nIs this correct? (y/N) y\n\nGnuPG needs to construct a user ID to identify your key.\n\nReal name: 3mdeb Dasharo Master Key\nEmail address:\nComment:\nYou selected this USER-ID:\n    \"3mdeb Dasharo Master Key\"\n\nChange (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O\nWe need to generate a lot of random bytes. It is a good idea to perform\nsome other action (type on the keyboard, move the mouse, utilize the\ndisks) during the prime generation; this gives the random number\ngenerator a better chance to gain enough entropy.\nWe need to generate a lot of random bytes. It is a good idea to perform\nsome other action (type on the keyboard, move the mouse, utilize the\ndisks) during the prime generation; this gives the random number\ngenerator a better chance to gain enough entropy.\ngpg: key ABE1D0BC66278008 marked as ultimately trusted\ngpg: revocation certificate stored as '/home/user/.gnupg/openpgp-revocs.d/0D5F6F1DA800329EB7C597A2ABE1D0BC66278008.rev'\npublic and secret key created and signed.\n\npub   rsa4096 2021-02-03 [SC] [expires: 2026-02-02]\n      0D5F6F1DA800329EB7C597A2ABE1D0BC66278008\n      0D5F6F1DA800329EB7C597A2ABE1D0BC66278008\nuid                      3mdeb Dasharo Master Key\nsub   rsa4096 2021-02-03 [E] [expires: 2026-02-02]\nuser@vault ~ % gpg --export-secret-keys 0D5F6F1DA800329EB7C597A2ABE1D0BC66278008 \u003e 3mdeb-dasharo-master-priv-key.asc\nuser@vault ~ % gpg --recipient piotr.krol@3mdeb.com --armor --encrypt 3mdeb-dasharo-master-priv-key.asc\n```\n\nStore backup of private key in safe location.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F3mdeb%2F3mdeb-secpack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F3mdeb%2F3mdeb-secpack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F3mdeb%2F3mdeb-secpack/lists"}