# Public Keys & Key IDs

***

### Embedded Production Keys

The bootloader contains these trusted Ed25519 public keys:

#### Key 0: Primary Development Key

```
Algorithm:  Ed25519
Purpose:    Primary kernel signing
Public Key: 579adcf9f563fdaa6824b4f01d65ccb6fa1ef13fd99489a88848e641749b7ffb
```

#### Key 1: Secondary Development Key

```
Algorithm:  Ed25519
Purpose:    Secondary/backup signing
Public Key: 3d4017c3e8438935a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660
```

#### Key 2: Recovery Key

```
Algorithm:  Ed25519
Purpose:    Emergency recovery
Public Key: fc51cd8e6218a1a38da47ed00230f0580816868d13ba3303ac5deb911548908025
```

***

### Key Metadata

Each signing key is accompanied by a metadata record for audit purposes:

```json
{
  "version": 1,
  "algorithm": "Ed25519",
  "created_utc": "2025-12-16T19:36:46.019486Z",
  "pubkey_hex": "579adcf9f563fdaa6824b4f01d65ccb6fa1ef13fd99489a88848e641749b7ffb",
  "pubkey_blake2b": "7931e665aa013b8cfbe0eb16fed5b132b129fe3814658b96ea047684c4f7e8e8",
  "seed_blake2b": "8b3225858c221262b591a00dc2c634788cb448456039dd5afbac5938e1af9123",
  "usage": {
    "kernel_signing": true,
    "attestation_signing": true,
    "bootloader_embed": true
  }
}
```

***

### Key ID Derivation

Key IDs are derived with BLAKE3 in key-derivation mode (`derive_key`), using the domain separator as the context string and the raw public key bytes as input:

```
Domain Separator: "NONOS:KEYID:ED25519:v1"

KeyID = BLAKE3.derive_key(
    context: "NONOS:KEYID:ED25519:v1",
    input: public_key_bytes
)
```

### Key Fingerprints

| Key          | Fingerprint (BLAKE2b)                                              |
| ------------ | ------------------------------------------------------------------ |
| Primary (v1) | `7931e665aa013b8cfbe0eb16fed5b132b129fe3814658b96ea047684c4f7e8e8` |

***

### Key Storage

#### Development Key

```
Location: ./dev_signing_key.bin
Format:   32-byte raw Ed25519 seed
Perms:    0600 (owner read/write only)
```

#### Production Keys

Production keys are stored in:

* Hardware Security Module (HSM)
* Air-gapped secure storage
* Multiple geographic locations

Only the public keys are embedded in the bootloader binary.

***

### Signature Format

```
┌─────────────────────────────────────────┐
│           KERNEL BINARY                 │
├─────────────────────────────────────────┤
│                                         │
│  ELF Header                             │
│  .text section                          │
│  .rodata section                        │
│  .data section                          │
│  .bss section                           │
│                                         │
├─────────────────────────────────────────┤
│  .nonos.manifest section                │
│  (version, capabilities, timestamp)     │
├─────────────────────────────────────────┤
│  .nonos.sig section (64 bytes)          │
│  Ed25519 signature of kernel hash       │
└─────────────────────────────────────────┘
```

***

### Verification Process

```
1. Load kernel binary
2. Compute: hash = BLAKE3(kernel_binary)
3. Extract signature from .nonos.sig
4. For each embedded public key:
     if Ed25519.verify(hash, signature, pubkey):
         return VERIFIED
5. return FAILED (halt boot)
```
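The boot-time loop above, written out as an added example using Go's standard library (this is not NØNOS project code): `Sign` appends a constructed `.nonos.sig` section to a kernel body and `Verify` tries each embedded key in turn, returning an error on which the caller halts boot. Assumptions: SHA-256 stands in for BLAKE3, which the Go standard library lacks; the hash covers everything before the `.nonos.sig` slot, since a signature cannot cover itself; the keys are generated on the spot rather than coming from a ceremony.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// kernelHash digests the signed region: everything before the trailing .nonos.sig
// slot, since a signature cannot cover itself. The page specifies BLAKE3; SHA-256
// stands in here because it is in the Go standard library (an assumption).
func kernelHash(signedRegion []byte) []byte {
	h := sha256.Sum256(signedRegion)
	return h[:]
}

// Sign appends a 64-byte .nonos.sig section to an unsigned kernel body (ELF + manifest).
func Sign(priv ed25519.PrivateKey, body []byte) []byte {
	sig := ed25519.Sign(priv, kernelHash(body))
	return append(append([]byte{}, body...), sig...)
}

// Verify is the boot-time loop over the embedded 1-of-N key list. It returns the
// index of the first key that validates the signature, or an error (halt boot).
func Verify(keys []ed25519.PublicKey, image []byte) (int, error) {
	if len(image) <= ed25519.SignatureSize {
		return -1, fmt.Errorf("image too short to carry .nonos.sig")
	}
	digest := kernelHash(image[:len(image)-ed25519.SignatureSize])
	sig := image[len(image)-ed25519.SignatureSize:]
	for i, pub := range keys {
		// ed25519.Verify panics on a wrong-sized key, so skip malformed entries.
		if len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, digest, sig) {
			return i, nil
		}
	}
	return -1, fmt.Errorf("no embedded key verifies the kernel signature: halt boot")
}

func main() {
	// Constructed demo: two fresh keys stand in for ceremony keys; the kernel is signed by the second.
	pub0, _, _ := ed25519.GenerateKey(rand.Reader)
	pub1, priv1, _ := ed25519.GenerateKey(rand.Reader)
	image := Sign(priv1, []byte("constructed ELF + .nonos.manifest bytes"))
	fmt.Println(Verify([]ed25519.PublicKey{pub0, pub1}, image)) // 1 <nil>
	image[0] ^= 0x01                                            // flip one bit in .text
	fmt.Println(Verify([]ed25519.PublicKey{pub0, pub1}, image)) // -1 and an error
}
```

Removing a public key from the list is exactly what the rotation and compromise procedures later on this page do; once it is gone, kernels signed by that key no longer pass `Verify`.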

***

### Key Rotation

To rotate production keys:

1. Generate new Ed25519 keypair (air-gapped)
2. Add new public key to bootloader source
3. Build and sign new bootloader with OLD key
4. Deploy bootloader update
5. Sign future kernels with NEW key
6. After transition period, remove old key

***

### Multi-Signature Support

NØNOS supports N-of-M multisig for critical operations:

| Operation          | Threshold           |
| ------------------ | ------------------- |
| Kernel signing     | 1-of-3 (any key)    |
| Community circuits | N-of-M configurable |
| Key rotation       | 2-of-3              |

***

### Domain Separators

| Domain                        | Purpose                |
| ----------------------------- | ---------------------- |
| `NONOS:KEYID:ED25519:v1`      | Key ID derivation      |
| `NONOS:CAPSULE:COMMITMENT:v1` | Capsule commitment     |
| `NONOS:ZK:PROGRAM:v1`         | ZK program hash        |
| `NONOS:CIRCUIT_KEY:v1`        | Circuit key derivation |

### Verifying Key Authenticity

To check that a key you hold is an authentic NØNOS key, recompute its fingerprint and compare it with the table above:

```bash
# Check key fingerprint: BLAKE2b-256 (32-byte digest) over the raw 32-byte public key.
# b2sum defaults to a 512-bit digest, so the output length must be set explicitly.
echo -n "579adcf9f563fdaa6824b4f01d65ccb6fa1ef13fd99489a88848e641749b7ffb" | xxd -r -p | b2sum -l 256

# Expected BLAKE2b-256:
# 7931e665aa013b8cfbe0eb16fed5b132b129fe3814658b96ea047684c4f7e8e8
```

***

### Security Considerations

#### Key Compromise

If a key is compromised:

1. Remove compromised key from bootloader
2. Build new bootloader signed with uncompromised key
3. Deploy emergency update
4. Revoke old key in all documentation

#### Key Generation

Production keys are generated:

* On air-gapped hardware
* Using hardware RNG (RDRAND + external entropy)
* With multiple witnesses
* With ceremony documentation

***
