[Pki-clean-room-devel] getting started on cleanroom

Elizabeth Ferdman gnudevliz at gmail.com
Fri Dec 9 01:07:07 UTC 2016


On Sat, Dec 03, 2016 at 08:29:15PM +0000, Ana C. Custura wrote:
> Hi Liz,
> 
> Thank you for this! 
> 
> > I'm wondering if I should start integrating the scripts with the
> > TUI from the beginning rather than at the very end? I think it's just
> > easier for me to think of it that way. That way I can complete an entire
> > feature, like "first-time key gen" and it can be ready to go. 
> 
> I think this sounds reasonable, you can draft a UI as you're working on
> the helper scripts and then polish it more towards the end. 
> 
> > Not sure how to create subkeys non-interactively because I don't think
> > you can do --batch with --edit-key. 
> > 
> > The second file is just the helper for creating gpg.conf. 
> 
> Looks good. Yes, I'm afraid there is no straightforward way to generate
> subkeys non-interactively; as far as I can see, --batch can only handle
> one subkey during the automated creation process. 
> On this topic, have a look at:
> 
> https://riseup.net/en/gpg-best-practices
> https://pythonhosted.org/python-gnupg/
> 
> In particular python-gnupg, might be a good alternative to bash.

Hey Ana,

I looked at python-gnupg, it doesn't seem to have an "edit-key" command
at all. So I don't even see how I would be able to add multiple UIDs or
multiple subkeys with this python wrapper. Let me know if I'm missing
something. From what I can see it will let you specify a few params for
the secondary encryption key but not for additional keys. 

https://pythonhosted.org/python-gnupg/#generating-keys

In gpg, when the user does addkey the prompt says 'Please select what kind of
key you want' and the user can choose (8) RSA (set your own
capabilities) and toggle between Sign, Encrypt, and Authenticate
options. Simon Josefsson includes this on his blog (just search the page
for the word 'addkey'; it's the 3rd one), so I'm going to need a solution
that will let me do everything that the interactive prompt can do.

https://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard

I found this thread--

http://www.gossamer-threads.com/lists/gnupg/users/67792

Liz

> 
> > Please let me know if you have any feedback at this early
> > stage. And I haven't met Daniel G. yet. What email should I use
> > for communicating with him? Also should I just email the mailing list
> > + Ana from now on instead of cc'ing everyone?
> 
> I'll subscribe to the list, have not realized I wasn't! Thanks for
> pointing it out. Cc me for the time being.
> 
> Regards,
> Ana
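An added example, not from this thread or the pki-clean-room project, of the two-step non-interactive route the messages above circle around: a --batch parameter file for the first-time key generation (which can describe only the primary key and one subkey), followed by gpg's --quick-add-key for each further subkey with its own sign/encrypt/auth capabilities. It assumes GnuPG 2.1.14 or later (the release that introduced --quick-add-key); the names, e-mail address and the colon-format listing lines are constructed sample values, and the demo runs inside a throwaway GNUPGHOME so it never touches a real keyring.

```shell
#!/bin/sh
# Added example (not the thread's or the project's code).
# Assumption: GnuPG >= 2.1.14, which provides --quick-add-key.

# Emit the parameter file consumed by `gpg --batch --gen-key`.
# $1 = real name, $2 = e-mail, $3 = expiry such as 1y.
# The batch format allows one primary key plus one subkey, no more.
keygen_params() {
    cat <<EOF
%echo Generating primary key and one encryption subkey
Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 4096
Subkey-Usage: encrypt
Name-Real: $1
Name-Email: $2
Expire-Date: $3
%no-protection
%commit
%echo done
EOF
}

# Argument list for adding one more subkey without the addkey prompt.
# $1 = primary key fingerprint, $2 = algorithm (e.g. rsa4096),
# $3 = usage: sign, auth, encr, or a comma-separated combination
#      (the same capabilities the "(8) RSA (set your own capabilities)"
#      menu lets you toggle), $4 = expiry (e.g. 1y).
quick_add_key_args() {
    printf '%s\n' "--batch" "--quick-add-key" "$1" "$2" "$3" "$4"
}

# Count subkeys in a `--with-colons` key listing read from stdin.
# Pure text processing, so it can be checked on a constructed listing.
count_subkeys() {
    grep -c '^sub:'
}

# End-to-end run in a scratch keyring; skipped when gpg is absent.
run_demo() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; skipping demo" >&2; return 0; }
    GNUPGHOME=$(mktemp -d); export GNUPGHOME   # scratch keyring, never the real one
    chmod 700 "$GNUPGHOME"
    # Step 1: primary key + encryption subkey, fully unattended.
    keygen_params 'Liz Example' 'liz@example.org' '1y' | gpg --batch --gen-key
    fpr=$(gpg --list-secret-keys --with-colons | awk -F: '$1=="fpr"{print $10; exit}')
    # Step 2: two further subkeys with distinct capabilities, no prompt involved.
    gpg $(quick_add_key_args "$fpr" rsa4096 sign 1y)
    gpg $(quick_add_key_args "$fpr" rsa4096 auth 1y)
    n=$(gpg --list-keys --with-colons "$fpr" | count_subkeys)
    echo "key $fpr now has $n subkeys (expected 3)"
}

# Opt in explicitly: RSA-4096 generation is slow on low-entropy machines.
if [ "${RUN_GPG_DEMO:-0}" = 1 ]; then
    run_demo
fi
```

Run it with `RUN_GPG_DEMO=1 sh keygen-demo.sh` to see the listing grow from one subkey to three. Anything --quick-add-key cannot express (for example changing preferences on an existing subkey) still needs --edit-key, which can be fed answers through gpg's --command-fd option instead of a terminal; that path is not shown here because the exact prompt sequence varies by GnuPG version.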