chore(security): gitignore testdata/publisher.key + clarify in README

Austen Bruhn · claude · Austen Bruhn · commit ab0a8d4dc66a · 2026-04-27T23:25:21.000-06:00
Audit before forking work to teammates: testdata/publisher.key (the
ed25519 private key used to sign attestation-good.json) was always
local-only and never in git history (verified via
`git log --all --diff-filter=A -- testdata/publisher.key` returning
empty). The repo's README incorrectly listed it as if it shipped.

Belt-and-suspenders:
  - .gitignore now excludes testdata/publisher.key, testdata/*.key,
    and *.pem at repo root
  - README revised: explicitly notes the key is gitignored, public key
    embedded in verifier.go (PublisherPublicKeyB64), and gives the
    regeneration recipe for the rare case someone needs to rotate

Public key in verifier.go is the only key surface in this repo by
design — that's the verification path. Private key never goes in.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,16 @@
 # Built binary
 demo-sbom-verifier
 
+# Private key for demo signature fixtures — DO NOT COMMIT.
+# The matching base64 public key is embedded in
+# internal/verifier/verifier.go (PublisherPublicKeyB64). The private
+# key is only needed to regenerate the signed fixtures in testdata/
+# (attestation-good.json / attestation-bad.json) and otherwise plays
+# no role in the demo flow.
+testdata/publisher.key
+testdata/*.key
+*.pem
+
 # Editor / OS
 .DS_Store
 *.swp
diff --git a/README.md b/README.md
@@ -23,7 +23,7 @@ internal/verifier/verifier_test.go   tests fail until verifier is fixed
 testdata/
   attestation-good.json       valid in-toto statement, signed
   attestation-bad.json        same payload, tampered signature
-  publisher.key               (private — only used to regenerate fixtures)
+                              (publisher.key is gitignored — see below)
 Makefile                      build, test, run, reset
 ```
 
@@ -65,6 +65,28 @@ make reset
 
 > **Branch protection note:** `main` should be protected against force-pushes and require a manual review for any merge, so accidental fixes to the stub never land. The intended booth artifact is the agent's *diff*, not a merged PR.
 
+## Regenerating fixtures (rarely needed)
+
+`testdata/publisher.key` is the ed25519 private key that signed
+`attestation-good.json`. It's **gitignored** — keys never go in the
+repo, even demo-only ones. The matching public key is base64-embedded
+in `internal/verifier/verifier.go` (`PublisherPublicKeyB64`).
+
+If you ever need to rotate the keypair (new fixtures), generate a new
+ed25519 keypair, sign the canonical-JSON of the in-toto statement
+payload, and update both:
+
+- `internal/verifier/verifier.go::PublisherPublicKeyB64` (raw 32-byte
+  ed25519 public key, base64-encoded)
+- `testdata/attestation-good.json` (`signature` field)
+- `testdata/attestation-bad.json` (same `payload`; tamper the
+  signature by flipping any byte)
+
+There's no script in this repo for rotation since it's a one-time
+setup task; copy the inline Go from this repo's initial commit
+message if you need it. The local `testdata/publisher.key` is what
+the original author used and stays out of source control.
+
 ## License
 
 Apache 2.0.
