Signing with multi keys


I have a use case which I’m struggling to understand how to accomplish.

I want to have signature checking enabled, all the time.

At the same time we are making a few of our own tests against our software to scan for in OV9.

In OV8 we could have multi signing keys, as we could use the Community sign key to validate the community feed test. And then sign our own tests with our own key.
Each test had its own .asc, hence this use case worked for us.

But in OV9 we cant figure out how to accomplish this.
As we have our custom tests we would need to re-sign the sha256sums file after every community update, just to have our own tests in the feed AND have signature checking enabled.

Isn’t there a way to support custom tests AND the community feed tests, while having signature checking enabled AND using the community key + our own key?

FYI, I asked this in a current thread. But I believe that thread is misplaced, hence why Im creating the question here as it is related to signing VTs.

Thnk you!

Unfortunately the “Vulnerability Tests” category is the wrong place for such a questions.

Handling signatures is done by the scanner daemon (openvassd) and not by the vulnerability tests itself (which this category is about). Because of this i’m moving this back to the Source Edition (GSE) category and closing it as a duplicate of the existing thread here: