1  # Trust Store Configuration
 2  # Defines which keys are trusted and at what level
 3  
 4  # Trust levels:
 5  #   untrusted - key is known but not trusted
 6  #   known     - key identity verified, limited trust
 7  #   trusted   - fully trusted for their domain
 8  #   core      - project core infrastructure keys
 9  
10  [keys.gnu-keyring]
11  # GNU project signing keys (for upstream verification)
12  algorithm = "pgp"
13  fingerprint = "0x7F2D434B9741E8AC"
14  level = "trusted"
15  domain = "upstream"
16  description = "GNU project release signing key"
17  
18  [keys.cerro-dev-2025]
19  # Development signing key (MVP only - not for production)
20  algorithm = "ed25519"
21  public_key = "REPLACE_WITH_ACTUAL_BASE64_PUBLIC_KEY"
22  level = "core"
23  domain = "build"
24  description = "Cerro Torre development key (MVP)"
25  expires = 2026-01-01
26  
27  [keys.cerro-builder-01]
28  # Example builder key (template)
29  algorithm = "ed25519"
30  public_key = "REPLACE_WITH_ACTUAL_BASE64_PUBLIC_KEY"
31  level = "core"
32  domain = "build"
33  description = "Cerro Torre automated builder #1"
34  
35  # Post-quantum keys (v0.2+)
36  # [keys.cerro-pq-2025]
37  # algorithm = "ml-dsa-65"
38  # public_key = "REPLACE_WITH_ACTUAL_BASE64_PUBLIC_KEY"
39  # level = "core"
40  # domain = "build"
41  # description = "Cerro Torre post-quantum signing key"