[Pki-clean-room-devel] a few thoughts
Elizabeth Ferdman
gnudevliz at gmail.com
Fri Dec 23 06:29:00 UTC 2016
On Wed, Dec 21, 2016 at 09:25:09PM +0100, Neal H. Walfield wrote:
> Hi,
>
> I think this is a great effort! One of the things that most improves
> security is the use of a smartcard. It's great that you want to make
> this easier!
>
> I'd like to make a few suggestions based on my reading of the web page
> and the mailing list archive. I apologize in advance if you have
> already thought of these.
>
> - I strongly encourage you to make key generation as easy as
> possible. Preferably, you should use as many defaults as possible.
> For instance, don't even offer the user the opportunity to set a
> comment! Ideally, I think the user should just have to enter her
> name and email address.
Exactly, I'm not asking for a Comment.
>
> - Please consider using GPGME and not --status-fd. (Note: GPGME now
> includes official bindings for Python.) Sure, --status-fd is a
> stable interface, but you'll find that once you want to do
> non-trivial things, it becomes more difficult. If there are some
> things that you can't figure out how to do in GPGME, please ask us
> and we'll either tell you how to do it, implement the feature, or
> tell you why it is a bad idea.
>
> - Please consider targetting the version of GnuPG that will be in the
> next version of Debian stable.
>
Is that just the latest one? I'm looking at this page:
https://packages.debian.org/stretch/gnupg
> - It would be great if you could support this workflow out of the
> box: a smartcard for the primary, and a smartcard for the subkeys.
> Placing the primary key on a smartcard makes it easy to sign keys
> from your main workstation without exposing the private key to the
> offline computer.
What we're doing now is creating a primary and secondary
encryption key as usual, then a separate encryption, signing and
authentication subkey. so those can be split across 2
smartcards.
>
> - Consider supporting subkey rotation. This requires creating new
> subkeys. Since most users will probably want their current and
> last subkeys to be live at the same time, you need to support two
> smartcards.
>
> - When the user finishes a session, it might make sense to write a
> script to the USB drive that automatically sends mails with the
> signed keys, and imports the public keys for the user's own key.
>
> - Can you please explain this: "develop a pinentry-whiptail UI for
> obtaining passphrase." Why do you need to do this? Normally,
> gpg-agent prompts for the passphrase.
Since the user isn't going through the interactive prompt, but
the TUI, the user just inputs the passphrase into the TUI, then
I want to avoid the prompt by using batch. The manual says this:
--quick-gen-key user-id algo usage expire
If this command is used with --batch, --pinentry-mode has been
set to loopback, and one of the passphrase options
(--passphrase, --passphrase-fd, or passphrase-file) is used, the
supplied passphrase is used for the new key and the agent does
not ask for it. To create a key without any protection
--passphrase '' may be used.
So I'm trying to make that happen in 2.1.16:
$ gpg2 --batch --passphrase $PASSWORD --pinentry-mode=loopback
--quick-gen-key $PRIMARY_UID $MASTER_KEY_ALGO default $MASTER_EXPIRY
> Thanks! Keep up the good work!
>
> :) Neal
>
> _______________________________________________
> PKI-Clean-Room-Devel mailing list
> PKI-Clean-Room-Devel at lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pki-clean-room-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pki-clean-room-devel/attachments/20161222/74639572/attachment.sig>
More information about the PKI-Clean-Room-Devel
mailing list