For the FBX to be able to enforce identity standards, we need to guarantee that SSH and PGP keys are available on for each user (in the users group) on boxen at all times. This can be enforced by a simple cron job that scans each user's home directory every hour or so and creates the keys users need if they don't exist. To do that, we'd need to get the information we need to create the key from the user ahead of time and pass it into the key creation tool.
The good news is that, if we do this sort of key creation in the background, over time, we don't get hung up on the fact that we don't have enough entropy when the box boots: keys will be continuously created as entropy becomes available. This'll consume a lot of entropy, so it's good that we only need to do it once per user. - Do we need other types of keys? - How does "gpg --gen-key --batch" work? - Does the entire structure work at all? What complications am I missing? The locking might be a bit tricky, but hardly impossible. Nick
pgp0fG7Nq20EU.pgp
Description: PGP signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
