Public Keys & Key IDs

Production signing keys embedded in the NØNOS bootloader.

Embedded Production Keys

The bootloader contains these trusted Ed25519 public keys:

Key 0: Primary Development Key

Algorithm:  Ed25519
Purpose:    Primary kernel signing
Public Key: 579adcf9f563fdaa6824b4f01d65ccb6fa1ef13fd99489a88848e641749b7ffb

Key 1: Secondary Development Key

Algorithm:  Ed25519
Purpose:    Secondary/backup signing
Public Key: 3d4017c3e8438935a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660

Key 2: Recovery Key

Algorithm:  Ed25519
Purpose:    Emergency recovery
Public Key: fc51cd8e6218a1a38da47ed00230f0580816868d13ba3303ac5deb911548908025

Key Metadata

The signing key includes metadata for audit:

{
  "version": 1,
  "algorithm": "Ed25519",
  "created_utc": "2025-12-16T19:36:46.019486Z",
  "pubkey_hex": "579adcf9f563fdaa6824b4f01d65ccb6fa1ef13fd99489a88848e641749b7ffb",
  "pubkey_blake2b": "7931e665aa013b8cfbe0eb16fed5b132b129fe3814658b96ea047684c4f7e8e8",
  "seed_blake2b": "8b3225858c221262b591a00dc2c634788cb448456039dd5afbac5938e1af9123",
  "usage": {
    "kernel_signing": true,
    "attestation_signing": true,
    "bootloader_embed": true
  }
}

Key ID Derivation

Key IDs are derived using BLAKE3:

Domain Separator: "NONOS:KEYID:ED25519:v1"

KeyID = BLAKE3.derive_key(
    context: "NONOS:KEYID:ED25519:v1",
    input: public_key_bytes
)

Key Fingerprints

Key

Fingerprint (BLAKE2b)

Primary (v1)

7931e665aa013b8cfbe0eb16fed5b132b129fe3814658b96ea047684c4f7e8e8

Key Storage

Development Key

Location: ./dev_signing_key.bin
Format:   32-byte raw Ed25519 seed
Perms:    0600 (owner read/write only)

Production Keys

Production keys are stored in:

Hardware Security Module (HSM)
Air-gapped secure storage
Multiple geographic locations

Public keys only are embedded in bootloader binary.

Signature Format

┌─────────────────────────────────────────┐
│           KERNEL BINARY                 │
├─────────────────────────────────────────┤
│                                         │
│  ELF Header                             │
│  .text section                          │
│  .rodata section                        │
│  .data section                          │
│  .bss section                           │
│                                         │
├─────────────────────────────────────────┤
│  .nonos.manifest section                │
│  (version, capabilities, timestamp)     │
├─────────────────────────────────────────┤
│  .nonos.sig section (64 bytes)          │
│  Ed25519 signature of kernel hash       │
└─────────────────────────────────────────┘

Verification Process

1. Load kernel binary
2. Compute: hash = BLAKE3(kernel_binary)
3. Extract signature from .nonos.sig
4. For each embedded public key:
     if Ed25519.verify(hash, signature, pubkey):
         return VERIFIED
5. return FAILED (halt boot)

Key Rotation

To rotate production keys:

Generate new Ed25519 keypair (air-gapped)
Add new public key to bootloader source
Build and sign new bootloader with OLD key
Deploy bootloader update
Sign future kernels with NEW key
After transition period, remove old key

Multi-Signature Support

NØNOS supports N-of-M multisig for critical operations:

Operation

Threshold

Kernel signing

1-of-3 (any key)

Community circuits

N-of-M configurable

Key rotation

2-of-3

Domain Separators

Domain

Purpose

NONOS:KEYID:ED25519:v1

Key ID derivation

NONOS:CAPSULE:COMMITMENT:v1

Capsule commitment

NONOS:ZK:PROGRAM:v1

ZK program hash

NONOS:CIRCUIT_KEY:v1

Circuit key derivation

Verifying Key Authenticity

To verify you have authentic NØNOS keys:

# Check key fingerprint
echo -n "579adcf9f563fdaa6824b4f01d65ccb6fa1ef13fd99489a88848e641749b7ffb" | xxd -r -p | b2sum

# Expected BLAKE2b:
# 7931e665aa013b8cfbe0eb16fed5b132b129fe3814658b96ea047684c4f7e8e8

Security Considerations

`Key Compromise`

If a key is compromised:

Remove compromised key from bootloader
Build new bootloader signed with uncompromised key
Deploy emergency update
Revoke old key in all documentation

`Key Generation`

Production keys are generated:

On air-gapped hardware
Using hardware RNG (RDRAND + external entropy)
With multiple witnesses
With ceremony documentation

PreviousMemory Map NextZK Circuit Registry

Last updated 4 days ago

Was this helpful?