Re: Key management using a USB key

2005-04-20 Thread Russell Coker
On Tuesday 08 March 2005 10:46, David Härdeman [EMAIL PROTECTED] wrote: o Especially on laptops, it might be interesting to also encrypt all of /home and/or other parts of the harddrive to make the data unusable without the USB key. But how to integrate this with the other requirements?

Key management using a USB key

2005-03-17 Thread Matthias Kirschner
Hi David, o Other issues? it might also be interesting to take a look at an OpenPGP Smartcard. I am experimenting with such a card at the moment and they are quite cool. On [1] you can take a look at the features. A HOWTO for those cards will be available in the next days. o Especially on

Re: Key management using a USB key

2005-03-17 Thread Mowgli
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, On Thu, 17 Mar 2005 at 14:13, you wrote: o Especially on laptops, it might be interesting to also encrypt all of /home and/or other parts of the harddrive to make the data unusable without the USB key. But how to integrate this with

Re: Key management using a USB key

2005-03-16 Thread Thomas Viehmann
Eric Dorland wrote: An arguably more secure approach would be to use a cryptographic smart card in a usb key form factor with OpenSC. Unfortunately integration with ssh and gpg is lacking at this point, but I hope to be able to do something about that post-sarge (ssh has support but doesn't

Re: Key management using a USB key

2005-03-15 Thread sean finney
hi matthias, On Tue, Mar 15, 2005 at 08:02:34AM +0100, Matthias Urlichs wrote: - when gnupg releases an official version 2, james uploads a new gnupg that replaces the previous source package (or would it have to have the same name?), and generates all binary packages. That has been

Re: Key management using a USB key

2005-03-15 Thread Matthias Urlichs
Hi, sean finney: That has been agreed to. i didn't see anything to that regard in the wnpp bug... do you have a pointer to somewhere that i could verify that? I talked with elmo about it in Barcelona, last December. He basically said that, as long as it's understood that he gets the

Re: Key management using a USB key

2005-03-15 Thread sean finney
hi, On Wed, Mar 16, 2005 at 01:39:44AM +0100, Matthias Urlichs wrote: also, what about the library issue? Which library issue? AFAIK the packages co-exist nicely. istr trying to build gpg-agent from the upstream source but the configure script would fail because i didn't have the

Re: Key management using a USB key

2005-03-14 Thread Matthias Urlichs
Hi, David Härdeman wrote: o gpg-agent support in the same manner as ssh-agent would be neat. I understand that this requires gnupg 2.0 though. While gpg-agent is built from the gnupg 2.0 sources (a development snapshot of which is currently sitting in the NEW queue ...), the agent itself is

Re: Key management using a USB key

2005-03-14 Thread sean finney
On Mon, Mar 14, 2005 at 09:30:54AM +0100, Matthias Urlichs wrote: o gpg-agent support in the same manner as ssh-agent would be neat. I understand that this requires gnupg 2.0 though. While gpg-agent is built from the gnupg 2.0 sources (a development snapshot of which is currently

Re: Key management using a USB key

2005-03-14 Thread Matthias Urlichs
Hi, sean finney: On Mon, Mar 14, 2005 at 09:30:54AM +0100, Matthias Urlichs wrote: o gpg-agent support in the same manner as ssh-agent would be neat. I understand that this requires gnupg 2.0 though. While gpg-agent is built from the gnupg 2.0 sources (a development snapshot of

Re: Key management using a USB key

2005-03-14 Thread Erik Schanze
Hi Sean! sean finney [EMAIL PROTECTED]: On Mon, Mar 14, 2005 at 09:30:54AM +0100, Matthias Urlichs wrote: o gpg-agent support in the same manner as ssh-agent would be neat. I understand that this requires gnupg 2.0 though. While gpg-agent is built from the gnupg 2.0 sources (a

Re: Key management using a USB key

2005-03-14 Thread Norbert Tretkowski
* David Härdeman wrote: [...] o gpg-agent support in the same manner as ssh-agent would be neat. I understand that this requires gnupg 2.0 though. Should be no problem with quintuple-agent. Norbert

Re: Key management using a USB key

2005-03-14 Thread sean finney
hi, On Mon, Mar 14, 2005 at 02:19:46PM +0100, Erik Schanze wrote: Your fingers lie on a bloody wound. ;-) There was ITP #187548 for newpg, but was closed last summer. aha. Please reopen it and make a package for newpg to make KMail-Users happy. If you have not enough time, would you

Re: Key management using a USB key

2005-03-14 Thread Matthias Urlichs
Hi, sean finney wrote: - create a source package gnupg2 exists - gnupg2 *only* produces package(s?) for the peripheral binar(y|ies) a binary for gnupg2 exists too, with a warning that it's not for public consumption - when gnupg releases an official version 2, james uploads a new gnupg

Re: Key management using a USB key

2005-03-09 Thread David Schmitt
On Wednesday 09 March 2005 01:42, David Härdeman wrote: So the revocation could even be stored in cleartext on the usb key, unless I'm mistaken? Depending on the strength of the crypto/passphrase protecting your key, this could lead at least to a DOS if the revocation is publicised without

Re: Key management using a USB key

2005-03-09 Thread Andreas Tille
On Tue, 8 Mar 2005, sean finney wrote: you could easily extend the script i wrote to unencrypt/loop-mount a filesystem-in-a-file without too much effort. prod me enough and i might do it myself. Prodding. :) Moreover I'd suggest to send the result of it as patch to the gpg package for inclusion

Re: Key management using a USB key

2005-03-09 Thread Tollef Fog Heen
* David Pashley | Ideally I want to keep the disk formatted as vfat so it is usable on | other operating systems and use an ext2 loopback filesystem. Getting the | system to mount that is the hard part. You could partition the usb key and have a small partition for GPG/SSH keys and the rest for

Re: Key management using a USB key

2005-03-09 Thread Ben Hill
On Wed, 2005-03-09 at 11:34 +0100, Tollef Fog Heen wrote: You could partition the usb key and have a small partition for GPG/SSH keys and the rest for normal data transfers and stuff. I was going to do the same, but picked up a ridiculously cheap tiny USB key, and only use it for this purpose.

Re: Key management using a USB key

2005-03-09 Thread David Härdeman
On Tue, Mar 08, 2005 at 12:46:46AM +0100, David Härdeman wrote: I've been meaning for some time to get a USB key to manage private keys (such as gpg, ssh, etc), but it's not until recently that I tried to sit down and sketch on how to implement it (filesystem layout, functionality, which parts

Re: Key management using a USB key

2005-03-08 Thread Steve Greenland
On 07-Mar-05, 17:46 (CST), David Härdeman [EMAIL PROTECTED] wrote: o Revocation certificates for the gpg keys, are there arguments for/against storing them on the usb key? While you might store the revocation certificate (RC) on *a* key, I certainly wouldn't store it on *the* key. If you

Re: Key management using a USB key

2005-03-08 Thread Ben Hill
On Tue, 2005-03-08 at 00:46 +0100, David Härdeman wrote: first of all, this might be slightly off-topic for the debian-devel list, but I've got the impression that it's already been solved by some DD's and might prove interesting to others (including non-DD's such as me). I use a very

Re: Key management using a USB key

2005-03-08 Thread Ben Hill
On Tue, 2005-03-08 at 14:58 +, Ben Hill wrote: In my home directory I create a symlink for /media/usbkey/ssh -> ~/.ssh and /media/usbkey/gnupg -> ~/.gnupg. It has to be said, this method isn't the most secure method by any means, and I'm interested to hear other's approaches. Cheers, Ben

Re: Key management using a USB key

2005-03-08 Thread Wouter Verhelst
On Tue, 08-03-2005 at 14:58 +, Ben Hill wrote: On Tue, 2005-03-08 at 00:46 +0100, David Härdeman wrote: first of all, this might be slightly off-topic for the debian-devel list, but I've got the impression that it's already been solved by some DD's and might prove interesting to

Re: Key management using a USB key

2005-03-08 Thread Jesus Climent
On Tue, Mar 08, 2005 at 02:58:41PM +, Ben Hill wrote: In my home directory I create a symlink for /media/usbkey/ssh -> ~/.ssh and /media/usbkey/gnupg -> ~/.gnupg. One can also use the --home flag to gpg. -- Jesus Climent info:www.pumuki.org Unix

Re: Key management using a USB key

2005-03-08 Thread Jesus Climent
On Tue, Mar 08, 2005 at 04:07:02PM +0100, Wouter Verhelst wrote: The only difference is that, rather than symlinking ~/.gnupg, I symlink ~/.gnupg/secring.gpg; that way, I can mount the USB key read-only, which allows me to safely remove it while still mounted; my trustdb and public keyring

Re: Key management using a USB key

2005-03-08 Thread Ben Hill
On Tue, 2005-03-08 at 16:07 +0100, Wouter Verhelst wrote: The only difference is that, rather than symlinking ~/.gnupg, I symlink ~/.gnupg/secring.gpg; that way, I can mount the USB key read-only, which allows me to safely remove it while still mounted; my trustdb and public keyring are

Re: Key management using a USB key

2005-03-08 Thread Steve McIntyre
Wouter wrote: On Tue, 08-03-2005 at 14:58 +, Ben Hill wrote: So, when I stick the dongle into the USB slot, the drive is automatically mounted, and the symlinks point to my real key directories. When the key is out of the machine, my keys are safe offline. This is also approximately
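The symlink setup Ben Hill describes, in the variant Wouter Verhelst suggests (link only the secret keyring and the ssh private keys, so the stick can stay mounted read-only while pubring, trustdb and random_seed live on the local disk), as an added example. This is not a script from anyone in the thread; the stick layout ($USBKEY/gnupg/secring.gpg, $USBKEY/ssh/id_*) and the GNU stat/ln flags are assumptions, as is a GnuPG 1.x keyring layout.

```sh
#!/bin/sh
# Added example, not code from the thread. Link secret material from a
# USB stick into $HOME without moving the writable GnuPG files there.
#
# Assumed layout on the stick (not from the thread):
#   $USBKEY/gnupg/secring.gpg   GnuPG 1.x secret keyring
#   $USBKEY/ssh/id_*            ssh private keys, plus their .pub files

# mode_of FILE -> octal permission bits, e.g. 600 (GNU stat assumed)
mode_of() {
    stat -c '%a' "$1"
}

# link_secret_material USBKEY HOMEDIR
# Creates the symlinks and returns 0 when the stick's files are present and
# not group/world-readable. Returns 1 and leaves HOMEDIR untouched otherwise,
# so an absent stick simply means the keys stay offline.
link_secret_material() {
    usb=$1 home=$2
    secring="$usb/gnupg/secring.gpg"

    [ -f "$secring" ] || { echo "no secret keyring under $usb" >&2; return 1; }

    # gpg warns about and ssh refuses secrets readable by others. On a vfat
    # stick this can only pass if it was mounted with umask=077.
    for f in "$secring" "$usb"/ssh/id_*; do
        case "$f" in *.pub) continue ;; esac
        [ -f "$f" ] || continue
        case "$(mode_of "$f")" in
            600|400) ;;
            *) echo "refusing: $f is mode $(mode_of "$f"), expected 600" >&2
               return 1 ;;
        esac
    done

    # pubring, trustdb and random_seed stay local: gpg writes to them, and a
    # read-only mount of the stick would otherwise break.
    mkdir -p -m 700 "$home/.gnupg" "$home/.ssh"
    ln -sf "$secring" "$home/.gnupg/secring.gpg"

    for f in "$usb"/ssh/id_*; do
        [ -f "$f" ] || continue
        ln -sf "$f" "$home/.ssh/$(basename "$f")"
    done
}

# secring_target HOMEDIR -> where the keyring link points (for checking)
secring_target() {
    readlink "$1/.gnupg/secring.gpg"
}
```

Two caveats follow from the design. Once the stick is pulled, the links dangle and gpg and ssh fail cleanly, which is the intended behaviour, but anything that followed the link while the stick was present (an editor swap file, a backup run) may have copied the secret to local disk. And the permission check only means something if the filesystem has Unix permission bits: on a plain vfat stick, mount it with umask=077 or keep the keys on a small ext2 partition. Pointing gpg at the stick with --homedir is the alternative to symlinking, but then gpg wants to write trustdb and random_seed there, so that route needs a read-write mount.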

Re: Key management using a USB key

2005-03-08 Thread David Pashley
On Mar 08, 2005 at 14:58, Ben Hill praised the llamas by saying: On Tue, 2005-03-08 at 00:46 +0100, David Härdeman wrote: first of all, this might be slightly off-topic for the debian-devel list, but I've got the impression that it's already been solved by some DD's and might prove

Re: Key management using a USB key

2005-03-08 Thread Ben Hill
On Tue, 2005-03-08 at 15:41 +, David Pashley wrote: Ideally I want to keep the disk formatted as vfat so it is usable on other operating systems and use an ext2 loopback filesystem. Getting the system to mount that is the hard part. I initially had my stuff stored on a VFAT partition, and

Re: Key management using a USB key

2005-03-08 Thread David Härdeman
On Tue, Mar 08, 2005 at 02:30:06AM -0500, sean finney wrote: well, me wanting to do things the right way it ended up being a pretty long script and i didn't think the list would appreciate random shell scripts flying around. but, i'll go ahead and put it online:

Re: Key management using a USB key

2005-03-08 Thread David Härdeman
On Tue, Mar 08, 2005 at 07:29:20AM -0600, Steve Greenland wrote: On 07-Mar-05, 17:46 (CST), David Härdeman [EMAIL PROTECTED] wrote: o Revocation certificates for the gpg keys, are there arguments for/against storing them on the usb key? While you might store the revocation certificate (RC) on

Re: Key management using a USB key

2005-03-08 Thread sean finney
hello, On Wed, Mar 09, 2005 at 01:38:22AM +0100, David Härdeman wrote: o when the usb key is inserted, the user is prompted for a password to the encrypted loopback file which is then mounted, the ssh keys within are fed to ssh agent, and the file is unmounted again. you could easily

Key management using a USB key

2005-03-07 Thread David Härdeman
Hi all, first of all, this might be slightly off-topic for the debian-devel list, but I've got the impression that it's already been solved by some DD's and might prove interesting to others (including non-DD's such as me). I've been meaning for some time to get a USB key to manage private

Re: Key management using a USB key

2005-03-07 Thread sean finney
On Tue, Mar 08, 2005 at 12:46:46AM +0100, David Härdeman wrote: o In order to minimize the exposure of the key, it might be wise to mount the drive, load the keys (ssh,gpg) into the memory of the appropriate agents and then unmount the drive. On the other hand, does this actually provide
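The "mount, load into the agent, unmount" sequence David Härdeman sketches (and sean finney's reply above discusses extending with an encrypted loopback file), written out as an added example. It is not sean finney's script, which is not on this page, and it assumes things the thread does not state: the stick carries a LUKS container file keys.img handled by a recent cryptsetup (which sets up the loop device itself, in place of the older cryptoloop), an ssh-agent is already running, and the mount/umount steps run as root. Only private_keys_in can run without a stick and root; load_keys is the entry point a hotplug or udev rule would call.

```sh
#!/bin/sh
# Added example, not a script from the thread. Open an encrypted container
# on the USB stick, feed the ssh private keys in it to the agent with a
# lifetime, and close the container again so the plaintext view is gone.
#
# Assumptions (not from the thread): LUKS container, recent cryptsetup,
# running ssh-agent, root for mount/umount.
IMG=${IMG:-/media/usbkey/keys.img}   # encrypted loopback file on the stick
NAME=${NAME:-usbkeys}                # device-mapper name while opened
MNT=${MNT:-/mnt/usbkeys}
LIFETIME=${LIFETIME:-4h}             # ssh-add -t: keys expire from the agent

# private_keys_in DIR: print the private key files directly below DIR,
# found by their PEM header rather than by name, so id_rsa, id_dsa and
# oddly named keys are all picked up and .pub files never reach ssh-add.
private_keys_in() {
    grep -l -- '-----BEGIN .*PRIVATE KEY-----' "$1"/* 2>/dev/null
}

cleanup() {
    # Runs on exit, error or interrupt: never leave the container open.
    umount "$MNT" 2>/dev/null
    cryptsetup luksClose "$NAME" 2>/dev/null
}

load_keys() {
    mkdir -p "$MNT"
    trap cleanup EXIT INT TERM
    # luksOpen prompts for the container passphrase. Read-only mount:
    # nothing here needs to write to the stick.
    cryptsetup luksOpen "$IMG" "$NAME" || return 1
    mount -o ro "/dev/mapper/$NAME" "$MNT" || return 1

    keys=$(private_keys_in "$MNT/ssh")
    [ -n "$keys" ] || { echo "no private keys in $MNT/ssh" >&2; return 1; }

    # Each key's own passphrase is asked for here; ssh-add then holds the
    # decrypted key in the agent's memory until LIFETIME runs out.
    # shellcheck disable=SC2086  # one path per word; no spaces in names assumed
    ssh-add -t "$LIFETIME" $keys
    # cleanup fires on EXIT: the keys now exist only inside the agent.
}
```

What this buys, and what it does not: after the script returns, the stick holds only ciphertext and the mounted plaintext is gone, so losing the stick or having it read while mounted is covered. The decrypted keys sit in the agent's memory until the lifetime expires (ssh-add -D drops them earlier, which a removal hook would call), and anyone who can talk to the agent's socket can use them while they are there, so this does not protect against the machine itself being compromised.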

Re: Key management using a USB key

2005-03-07 Thread Steve Langasek
On Tue, Mar 08, 2005 at 12:46:59AM -0500, sean finney wrote: On Tue, Mar 08, 2005 at 12:46:46AM +0100, David Härdeman wrote: o In order to minimize the exposure of the key, it might be wise to mount the drive, load the keys (ssh,gpg) into the memory of the appropriate agents and then

Re: Key management using a USB key

2005-03-07 Thread Eric Dorland
An arguably more secure approach would be to use a cryptographic smart card in a usb key form factor with OpenSC. Unfortunately integration with ssh and gpg is lacking at this point, but I hope to be able to do something about that post-sarge (ssh has support but doesn't compile it in, and gnupg

Re: Key management using a USB key

2005-03-07 Thread Marc Haber
On Mon, 7 Mar 2005 21:52:31 -0800, Steve Langasek [EMAIL PROTECTED] wrote: On Tue, Mar 08, 2005 at 12:46:59AM -0500, sean finney wrote: On Tue, Mar 08, 2005 at 12:46:46AM +0100, David Härdeman wrote: o In order to minimize the exposure of the key, it might be wise to mount the drive, load

Re: Key management using a USB key

2005-03-07 Thread Christian Perrier
Any reason not to post it on-list? I was hoping to improve the security/usability of my own setup based on the best practices offered up in reply to this thread. Yep. Seconded. This is exactly what I was thinking while seeing this thread : let's watch it and learn how my fellow DD and

Re: Key management using a USB key

2005-03-07 Thread sean finney
hi, On Mon, Mar 07, 2005 at 09:52:31PM -0800, Steve Langasek wrote: i have a usb/hotplug/ssh-add script that loads an ssh key off of a usb stick, and removes it when the usb stick is removed. if you're interested i can send you a copy off-list. Any reason not to post it on-list? I was