From 814df85871ebc5836e3e2f56904ec78f04c9b1b4 Mon Sep 17 00:00:00 2001 From: Al Cutter Date: Thu, 7 Mar 2024 12:30:47 +0000 Subject: [PATCH] Clarify lifetime --- trusted_applet/key.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/trusted_applet/key.go b/trusted_applet/key.go index 30ac071..c55f3ff 100644 --- a/trusted_applet/key.go +++ b/trusted_applet/key.go @@ -71,7 +71,7 @@ func deriveWitnessKey() { } -// attestID creates a signer which is forever static for this device, and uses +// attestID creates a signer which is forever static for a fused device, and uses // that to sign a note which binds the passed in witness ID to this device's // serial number and current identity counter. // @@ -90,6 +90,9 @@ func attestID(status *api.Status, pubkey string) (string, string) { prefix = "DEV:" } + // The diversifier or key names in here MUST NOT be changed, or we'll + // break the invariant that this key is static for the lifetime of the + // (fused) device! attestSigner, attestPublicKey := deriveNoteSigner( fmt.Sprintf("%sID-Attestation", prefix), status.Serial,