On 10 December 2012 02:18, Nick Daly <[email protected]> wrote:
> For the FBX to be able to enforce identity standards, we need to
> guarantee that SSH and PGP keys are available for each user (in the
> users group) on boxen at all times. This can be enforced by a simple
> cron job that scans each user's home directory every hour or so and
> creates the keys users need if they don't exist. To do that, we'd need
> to get the information we need to create the key from the user ahead of
> time and pass it into the key creation tool.
>
> The good news is that, if we do this sort of key creation in the
> background, over time, we don't get hung up on the fact that we don't
> have enough entropy when the box boots: keys will be continuously
> created as entropy becomes available. This'll consume a lot of entropy,
> so it's good that we only need to do it once per user.
>
> - Do we need other types of keys?
>
> - How does "gpg --gen-key --batch" work?
>
> - Does the entire structure work at all? What complications am I
> missing? The locking might be a bit tricky, but hardly impossible.
>
I like to use the same key for both GPG and X.509. Forthcoming GNOME keyrings may be able to synchronize things through PKCS11. It's possible to convert between the two using Bouncy Castle (I have some code) or maybe monkeysphere does it too. You also need a key for your web server, in the case you are using a self-signed cert.
>
> Nick
>
> _______________________________________________
> Freedombox-discuss mailing list
> [email protected]
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
>
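The hourly scan proposed in the quoted message, including the "gpg --gen-key --batch" step and the locking it asks about, written out as an added example; it is not code from this thread or from FreedomBox. It assumes GnuPG 2.1+ and util-linux (flock, runuser), and the key-info file under /etc/fbx-keyinfo/ and the lock path /var/lock/fbx-keygen.lock are hypothetical names.

```shell
#!/bin/sh
# Added example, not FreedomBox code. Assumes GnuPG 2.1+ and util-linux.
# Hypothetical: /etc/fbx-keyinfo/<user> (line 1 name, line 2 e-mail).
# Print a gpg batch parameter block for name $1, e-mail $2 (sizes and expiry
# illustrative). %no-protection: no passphrase, as a cron job cannot prompt.
gpg_params() {
    cat <<EOF
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: $1
Name-Email: $2
Expire-Date: 2y
%no-protection
%commit
EOF
}

# Print the key types ("ssh", "gpg") still missing from home directory $1.
missing_keys() {
    [ -s "$1/.ssh/id_rsa" ] || echo ssh
    # GnuPG 2.1+ keeps each secret key as <keygrip>.key in this directory.
    set -- "$1"/.gnupg/private-keys-v1.d/*.key
    [ -e "$1" ] || echo gpg
}

# Create what is missing for each listed member of the "users" group
# (field 4 of the group entry; primary-group-only members are not listed).
ensure_all() {
    exec 9>/var/lock/fbx-keygen.lock
    flock -n 9 || return 0      # previous run still waiting on entropy
    for u in $(getent group users | cut -d: -f4 | tr ',' ' '); do
        home=$(getent passwd "$u" | cut -d: -f6)
        [ -d "$home" ] && [ -r "/etc/fbx-keyinfo/$u" ] || continue
        # read -r takes one line each, so a value cannot add directives.
        { read -r name; read -r email; } < "/etc/fbx-keyinfo/$u"
        runuser -u "$u" -- mkdir -p -m 700 "$home/.ssh" "$home/.gnupg"
        for kind in $(missing_keys "$home"); do
            case $kind in
            ssh) runuser -u "$u" -- ssh-keygen -q -t rsa -b 3072 -N '' \
                     -f "$home/.ssh/id_rsa" ;;
            gpg) gpg_params "$name" "$email" | runuser -u "$u" -- \
                     gpg --homedir "$home/.gnupg" --batch --gen-key ;;
            esac
        done
    done
}
if [ "${1:-}" = run ]; then ensure_all; fi   # root's cron entry passes "run"
```

Because a second run exits immediately while the lock is held, a generation that blocks waiting for entropy does not pile up hourly duplicates.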
