Hi Luis, [...]
> > This requires the creation of a GnuPG set of keys, and shipping of
> > the secret key in the Live-CD.
> >
> > So far no problem, but I don't have a clear opinion if it is a good
> > idea to ship a secret key with password. Both are required, no doubt,
> > and I would clearly mark this key as 'demo'. Is there a potential for
> > abuse?
>
> The GNU PG key pair is at the client side, so we should be OK for
> signing / validating documents.

..on the live-CD, client and server run in the same environment :-)

> So, we shouldn't need to ship / generate key pairs for GnuPG. What I
> would do is to make sure that GPG and its related python library .

No problem.

> For the 2.8 version (Tryton 3.4), the gnuhealth installation program
> calls the "serverpass" script, that tightens security using cracklib and
> encrypts the master server password.

Yes, but that's for the server password and does not help an
inexperienced user to generate a pair of PGP keys and make use of it in
the Demo-DB.

If you have done it before, PGP key generation is a piece of cake, but
don't forget - you are a developer. If you are new to the encryption
stuff it sounds more like 'OMG, what's that about?', and has some
potential to fail. Even for pros (little note: Germany's HASPA, a bank
in the northern part, was proud to introduce PGP encryption to end
customers...until someone made them aware that all their keys are
invalid - missing self-signature).

But back to the original question....obstacles against a demo-key?

Cheers/Axel