[Pki-clean-room-devel] a few questions

Elizabeth Ferdman gnudevliz at gmail.com
Wed Dec 7 20:43:31 UTC 2016


On Sat, Dec 03, 2016 at 08:29:15PM +0000, Ana C. Custura wrote:
> Hi Liz,
> 
> Thank you for this! 
> 
> > I'm wondering if I should start integrating the scripts with the
> > TUI from the beginning rather than at the very end? I think it's just
> > easier for me to think of it that way. That way I can complete an entire
> > feature, like "first-time key gen" and it can be ready to go. 
> 
> I think this sounds reasonable, you can draft a UI as you're working on
> the helper scripts and then polish it more towards the end. 
> 
> > Not sure how to create subkeys non-interactively because I don't think
> > you can do --batch with --edit-key. 
> > 
> > The second file is just the helper for creating gpg.conf. 
> 
> Looks good. Yes, I'm afraid there is no straightforward way to generate
> subkeys non-interactively; as far as I can see, --batch can only handle
> one subkey during the automated creation process.
> On this topic, have a look at:
> 
> https://riseup.net/en/gpg-best-practices
> https://pythonhosted.org/python-gnupg/
> 
> In particular, python-gnupg might be a good alternative to bash.
> 
Thanks for the tip, that could actually make things much easier.

A few questions...

How should I share my progress? Should I post what I'm working on up on
GitHub?

I also have a question about the way the steps are written in the
workflow. It says to create a master key, and then create the signing,
encryption and authentication subkeys. Usually when you create the
primary key, an encryption subkey is automatically created. Does Daniel
mean a 2nd one should be created? If not, is it OK to just make them both
at the same time since that works with batch mode?

For now I'm just going to make everything RSA and 2048. I know what the
signing and encryption keys are but I'm not sure about what the
authentication key does yet.

Thanks, 
Liz :)

> > Please let me know if you have any feedback at this early
> > stage. And I haven't met Daniel G. yet. What email should I use
> > for communicating with him? Also should I just email the mailing list
> > + Ana from now on instead of cc'ing everyone?
> 
> I'll subscribe to the list, I had not realized I wasn't! Thanks for
> pointing it out. Cc me for the time being.
> 
> Regards,
> Ana
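
The batch-mode case discussed in this thread (an RSA-2048 primary key created together with one encryption subkey), as an added example that is not part of the original messages or of the project's scripts. It goes one step beyond the thread by adding the signing and authentication subkeys with `--quick-add-key`. Assumptions: GnuPG 2.2 or later, a throwaway home directory, a constructed identity, and `%no-protection`, which leaves the demo key without a passphrase and is only suitable for a scratch keyring.

```shell
#!/bin/sh
# Added example: the identity, file names and scratch directory are constructed.

# Write a GnuPG unattended key-generation parameter file: one RSA-2048
# primary key plus the single subkey that one batch run can carry.
# $1 = output file, $2 = real name, $3 = e-mail address
write_keygen_params() {
    cat > "$1" <<EOF
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: $2
Name-Email: $3
Expire-Date: 1y
%no-protection
%commit
EOF
}

# Generate the key in a throwaway GNUPGHOME, then add signing and
# authentication subkeys without --edit-key. Prints the subkey count.
# The body runs in a subshell so its variables do not leak to the caller.
generate_demo_key() (
    home=$(mktemp -d) || exit 1
    params="$home/keygen.params"
    write_keygen_params "$params" "Clean Room Test" "test@example.invalid"
    gpg --homedir "$home" --batch --gen-key "$params" || exit 1
    # Field 10 of the first "fpr" record is the primary key fingerprint.
    fpr=$(gpg --homedir "$home" --batch --with-colons --list-secret-keys |
          awk -F: '$1 == "fpr" { print $10; exit }')
    gpg --homedir "$home" --batch --quick-add-key "$fpr" rsa2048 sign 1y || exit 1
    gpg --homedir "$home" --batch --quick-add-key "$fpr" rsa2048 auth 1y || exit 1
    # "ssb" records are secret subkeys: encrypt + sign + auth.
    gpg --homedir "$home" --batch --with-colons --list-secret-keys | grep -c '^ssb:'
    gpgconf --homedir "$home" --kill gpg-agent
    rm -rf "$home"
)

# Only invoke gpg when asked to: sh keygen-demo.sh --run
if [ "${1:-}" = "--run" ]; then
    generate_demo_key
fi
```
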