On Tuesday 08 March 2005 10:46, David Härdeman <[EMAIL PROTECTED]> wrote:
> o Especially on laptops, it might be interesting to also encrypt all of
> /home and/or other parts of the hard drive to make the data unusable
> without the USB key. But how to integrate this with the other
> requirem
Hi,
On Thu, 17 Mar 2005 at 14:13 you wrote:
> > o Especially on laptops, it might be interesting to also encrypt all of
> > /home and/or other parts of the hard drive to make the data unusable
> > without the USB key. But how to integrate this w
Eric Dorland wrote:
An arguably more secure approach would be to use a cryptographic smart
card in a usb key form factor with OpenSC. Unfortunately integration
with ssh and gpg is lacking at this point, but I hope to be able to do
something about that post-sarge (ssh has support but doesn't compile
hi,
On Wed, Mar 16, 2005 at 01:39:44AM +0100, Matthias Urlichs wrote:
> > also, what about the library issue?
> >
> Which library issue? AFAIK the packages co-exist nicely.
istr trying to build gpg-agent from the upstream source but the
configure script would fail because i didn't have the appro
Hi,
sean finney:
> > That has been agreed to.
>
> i didn't see anything to that regard in the wnpp bug... do you have
> a pointer to somewhere that i could verify that?
I talked with elmo about it in Barcelona, last December.
He basically said that, as long as it's understood that he gets the
p
hi matthias,
On Tue, Mar 15, 2005 at 08:02:34AM +0100, Matthias Urlichs wrote:
> > - when gnupg releases an official version 2, james uploads a new gnupg
> > that replaces the previous source package (or would it have to have
> > the same name?), and generates all binary packages.
> >
> That
Hi, sean finney wrote:
> - create a source package gnupg2
exists
> - gnupg2 *only* produces package(s?) for the peripheral binar(y|ies)
a binary for gnupg2 exists too, with a warning that it's not for public
consumption
> - when gnupg releases an official version 2, james uploads a new gnupg
>
hi,
On Mon, Mar 14, 2005 at 02:19:46PM +0100, Erik Schanze wrote:
> Your fingers lie on a bloody wound. ;-)
>
> There was ITP #187548 for newpg, but was closed last summer.
aha.
> Please reopen it and make a package for newpg to make KMail-Users happy.
> If you have not enough time, would you s
* David Härdeman wrote:
[...]
> o gpg-agent support in the same manner as ssh-agent would be neat. I
> understand that this requires gnupg 2.0 though.
Should be no problem with quintuple-agent.
Norbert
Hi Sean!
sean finney <[EMAIL PROTECTED]>:
> On Mon, Mar 14, 2005 at 09:30:54AM +0100, Matthias Urlichs wrote:
> > > o gpg-agent support in the same manner as ssh-agent would be neat. I
> > > understand that this requires gnupg 2.0 though.
> >
> > While gpg-agent is built from the gnupg 2.0 sourc
Hi,
sean finney:
> On Mon, Mar 14, 2005 at 09:30:54AM +0100, Matthias Urlichs wrote:
> > > o gpg-agent support in the same manner as ssh-agent would be neat. I
> > > understand that this requires gnupg 2.0 though.
> >
> > While gpg-agent is built from the gnupg 2.0 sources (a development
> > s
On Mon, Mar 14, 2005 at 09:30:54AM +0100, Matthias Urlichs wrote:
> > o gpg-agent support in the same manner as ssh-agent would be neat. I
> > understand that this requires gnupg 2.0 though.
>
> While gpg-agent is built from the gnupg 2.0 sources (a development
> snapshot of which is currently
Hi, David Härdeman wrote:
> o gpg-agent support in the same manner as ssh-agent would be neat. I
> understand that this requires gnupg 2.0 though.
While gpg-agent is built from the gnupg 2.0 sources (a development
snapshot of which is currently sitting in the NEW queue ...), the agent
itself i
On Tue, Mar 08, 2005 at 12:46:46AM +0100, David Härdeman wrote:
I've been meaning for some time to get a USB key to manage private keys
(such as gpg, ssh, etc), but it's not until recently that I tried to sit
down and sketch on how to implement it (filesystem layout,
functionality, which parts
On Wed, 2005-03-09 at 11:34 +0100, Tollef Fog Heen wrote:
> You could partition the usb key and have a small partition for GPG/SSH
> keys and the rest for normal data transfers and stuff.
I was going to do the same, but picked up a ridiculously cheap tiny USB
key, and only use it for this purpose.
* David Pashley
| Ideally I want to keep the disk formatted as vfat so it is usable on
| other operating systems and use an ext2 loopback filesystem. Getting the
| system to mount that is the hard part.
You could partition the usb key and have a small partition for GPG/SSH
keys and the rest for
On Tue, 8 Mar 2005, sean finney wrote:
you could easily extend the script i wrote to unencrypt/loop-mount
a filesystem-in-a-file without too much effort. prod me enough and
i might do it myself.
Prodding. :)
Moreover I'd suggest to send the result of it as patch to the gpg package
for inclusion in
On Wednesday 09 March 2005 01:42, David Härdeman wrote:
> So the revocation could even be stored in cleartext on the usb key,
> unless I'm mistaken?
Depending on the strength of the crypto/passphrase protecting your key, this
could lead at least to a DOS if the revocation is publicised without
c
hello,
On Wed, Mar 09, 2005 at 01:38:22AM +0100, David Härdeman wrote:
> o when the usb key is inserted, the user is prompted for a password to
> the encrypted loopback file which is then mounted, the ssh keys within
> are fed to ssh agent, and the file is unmounted again.
you could easily ext
On Tue, Mar 08, 2005 at 07:29:20AM -0600, Steve Greenland wrote:
On 07-Mar-05, 17:46 (CST), David Härdeman <[EMAIL PROTECTED]> wrote:
o Revocation certificates for the gpg keys, are there arguments
for/against storing them on the usb key?
While you might store the revocation certificate (RC) on
On Tue, Mar 08, 2005 at 02:30:06AM -0500, sean finney wrote:
well, me wanting to do things the "right way" it ended up being a pretty
long script and i didn't think the list would appreciate random shell
scripts flying around. but, i'll go ahead and put it online:
http://www.seanius.net/linux/keyl
On Tue, 2005-03-08 at 15:41 +, David Pashley wrote:
> Ideally I want to keep the disk formatted as vfat so it is usable on
> other operating systems and use an ext2 loopback filesystem. Getting
> the
> system to mount that is the hard part.
I initially had my stuff stored on a VFAT partition,
On Mar 08, 2005 at 14:58, Ben Hill praised the llamas by saying:
> On Tue, 2005-03-08 at 00:46 +0100, David Härdeman wrote:
> > first of all, this might be slightly off-topic for the debian-devel
> > list, but I've got the impression that it's already been solved by some
> > DD's and might prove
Wouter wrote:
>On Tue, 08-03-2005 at 14:58 +, Ben Hill wrote:
>>
>> So, when I stick the dongle into the USB slot, the drive is
>> automatically mounted, and the symlinks point to my real key
>> directories.
>>
>> When the key is out of the machine, my keys are safe offline.
>
>This is also
On Tue, 2005-03-08 at 16:07 +0100, Wouter Verhelst wrote:
>
> The only difference is that, rather than symlinking ~/.gnupg, I
> symlink
> ~/.gnupg/secring.gpg; that way, I can mount the USB key read-only,
> which
> allows me to safely remove it while still mounted; my trustdb and
> public
> keyrin
On Tue, Mar 08, 2005 at 04:07:02PM +0100, Wouter Verhelst wrote:
>
> The only difference is that, rather than symlinking ~/.gnupg, I symlink
> ~/.gnupg/secring.gpg; that way, I can mount the USB key read-only, which
> allows me to safely remove it while still mounted; my trustdb and public
> keyri
On Tue, Mar 08, 2005 at 02:58:41PM +, Ben Hill wrote:
>
> In my home directory I create a symlink for /media/usbkey/ssh -> ~/.ssh
> and /media/usbkey/gnupg -> ~/.gnupg.
One can also use the --home flag to gpg.
--
Jesus Climent info:www.pumuki.org
Unix Sy
On Tue, 08-03-2005 at 14:58 +, Ben Hill wrote:
> On Tue, 2005-03-08 at 00:46 +0100, David Härdeman wrote:
> > first of all, this might be slightly off-topic for the debian-devel
> > list, but I've got the impression that it's already been solved by some
> > DD's and might prove interesting t
On Tue, 2005-03-08 at 14:58 +, Ben Hill wrote:
>
> In my home directory I create a symlink for /media/usbkey/ssh ->
> ~/.ssh
> and /media/usbkey/gnupg -> ~/.gnupg.
It has to be said, this method isn't the most secure method by any
means, and I'm interested to hear others' approaches.
Cheers,
On Tue, 2005-03-08 at 00:46 +0100, David Härdeman wrote:
> first of all, this might be slightly off-topic for the debian-devel
> list, but I've got the impression that it's already been solved by some
> DD's and might prove interesting to others (including non-DD's such as
> me).
I use a very s
On 07-Mar-05, 17:46 (CST), David Härdeman <[EMAIL PROTECTED]> wrote:
> o Revocation certificates for the gpg keys, are there arguments
> for/against storing them on the usb key?
While you might store the revocation certificate (RC) on *a* key, I certainly
wouldn't store it on *the* key. If yo
hi,
On Mon, Mar 07, 2005 at 09:52:31PM -0800, Steve Langasek wrote:
> > i have a usb/hotplug/ssh-add script that loads an ssh key off of a usb
> > stick, and removes it when the usb stick is removed. if you're
> > interested i can send you a copy off-list.
>
> Any reason not to post it on-list?
> Any reason not to post it on-list? I was hoping to improve the
> security/usability of my own setup based on the best practices offered up in
> reply to this thread.
Yep. Seconded.
This is exactly what I was thinking while seeing this thread : let's
watch it and learn how my fellow DD and Deb
On Mon, 7 Mar 2005 21:52:31 -0800, Steve Langasek <[EMAIL PROTECTED]>
wrote:
>On Tue, Mar 08, 2005 at 12:46:59AM -0500, sean finney wrote:
>> On Tue, Mar 08, 2005 at 12:46:46AM +0100, David Härdeman wrote:
>> > o In order to minimize the exposure of the key, it might be wise to
>> > mount the dri
An arguably more secure approach would be to use a cryptographic smart
card in a usb key form factor with OpenSC. Unfortunately integration
with ssh and gpg is lacking at this point, but I hope to be able to do
something about that post-sarge (ssh has support but doesn't compile
it in, and gnupg su
On Tue, Mar 08, 2005 at 12:46:59AM -0500, sean finney wrote:
> On Tue, Mar 08, 2005 at 12:46:46AM +0100, David Härdeman wrote:
> > o In order to minimize the exposure of the key, it might be wise to
> > mount the drive, load the keys (ssh,gpg) into the memory of the
> > appropriate agents and t
On Tue, Mar 08, 2005 at 12:46:46AM +0100, David Härdeman wrote:
> o In order to minimize the exposure of the key, it might be wise to
> mount the drive, load the keys (ssh,gpg) into the memory of the
> appropriate agents and then unmount the drive. On the other hand, does
> this actually prov
37 matches