| 45 | |
| 46 | If you change code-signing keys frequently, |
| 47 | you can keep multiple (old key, signature) pairs, |
| 48 | so that clients that haven't connected in a long time will update successfully. |
| 49 | If a client has a signing key that's not current, the server logic is: |
| 50 | |
| 51 | * Scan the keys/ directory for files '''old_key_i''' for i = 0, 1, ... |
| 52 | * If one of these contains the key sent by the client, |
| 53 | send the client the new key with the signature in '''signature_i'''. |
| 54 | |
| 55 | Note that '''signature_i''' contains a signature for the newest key, |
| 56 | signed by the old key i. |
| 57 | You must regenerate these when you issue a new key. |
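
The lookup described above, plus a check for signatures that were not regenerated after a new key was issued, as an added example (not the project's server code). It assumes the old_key_i files are numbered without gaps and are compared byte for byte; the file name `new_key` and the modification-time staleness test are assumptions made for the illustration.

```python
import os
import tempfile
from pathlib import Path

def old_key_indices(keys_dir):
    """Yield i = 0, 1, ... for as long as keys/old_key_i exists (assumes no gaps)."""
    i = 0
    while (Path(keys_dir) / f"old_key_{i}").is_file():
        yield i
        i += 1

def find_signature_for(keys_dir, client_key):
    """Return the bytes of signature_i for the old key the client sent, or None."""
    keys_dir = Path(keys_dir)
    for i in old_key_indices(keys_dir):
        if (keys_dir / f"old_key_{i}").read_bytes().strip() == client_key.strip():
            sig = keys_dir / f"signature_{i}"
            # A missing signature_i means the pair was never generated: send nothing.
            return sig.read_bytes() if sig.is_file() else None
    return None  # unknown key: the client gets no update

def stale_signatures(keys_dir, new_key_path):
    """List i whose signature_i is missing or older than the newest key file."""
    keys_dir = Path(keys_dir)
    issued = os.path.getmtime(new_key_path)
    stale = []
    for i in old_key_indices(keys_dir):
        sig = keys_dir / f"signature_{i}"
        if not sig.is_file() or os.path.getmtime(sig) < issued:
            stale.append(i)
    return stale

def build_demo(root):
    """Constructed sample layout: two old keys, signature_1 predates the new key."""
    keys = Path(root) / "keys"
    keys.mkdir()
    for i in range(2):
        (keys / f"old_key_{i}").write_bytes(b"OLDKEY-%d\n" % i)
        (keys / f"signature_{i}").write_bytes(b"SIG-OF-NEW-BY-%d" % i)
    new_key = keys / "new_key"                     # hypothetical file name
    new_key.write_bytes(b"NEWKEY\n")
    os.utime(new_key, (2000, 2000))
    os.utime(keys / "signature_0", (3000, 3000))   # regenerated after the new key
    os.utime(keys / "signature_1", (1000, 1000))   # left over from the previous key
    return keys, new_key

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        keys, new_key = build_demo(d)
        print(find_signature_for(keys, b"OLDKEY-0"), stale_signatures(keys, new_key))
```

A stale signature_i verifies against the previous key rather than the newest one, so a client still holding old key i would reject the update; running a check like `stale_signatures` after each key change catches that before clients do.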