
4 Week Progress Update for PGP Clean Room


Happy New Year Everyone!

Aside from taking some time off for the holidays, I set up a Debian-Sid USB stick in order to test gnupg version 2.1.16-3, the version to be included in Debian Stretch. For now, I’m using the package rng-tools to speed up the key creation for the purpose of testing gpg commands. By running sudo rngd -r /dev/urandom before the gpg command, you can create the keys in about a second.

Here are some of the sources that I’ve been using that inform the workflow and secure practices for gpg that we’ll be including in the Clean Room:

The Project Wiki

Offline GnuPG Master Key and Subkeys on YubiKey NEO Smartcard from Simon Josefsson’s Blog. This is really helpful! I’m adapting a lot of the workflow for gpg2.1.16.

OpenPGP Best Practices

Debian Wiki: Creating Subkeys

Debian Wiki: Keysigning

Smartcard Guide

Some feature suggestions that were made by Neal Walfield that could be included in the workflow:

Use a smartcard for the primary key and a smartcard for the subkeys

Support subkey rotation and the creation of new subkeys

Upon finishing a session, write a script to the USB that sends mails with the signed keys and imports the user’s public keys.
