On 09/30/2015 07:54 PM, Peter Lebbing wrote:
> So that's my scenario. I'm just expressing my idea of what would be
> cool. If you decide to work on authentication with OpenPGP cards, this
> is an idea for one way of using it.
Thank you for explanation. I could imagine the use case for
OpenPGPcard
On Wednesday 30 September 2015 15:58:51 Robert J. Hansen wrote:
> > I create for myself a gpg key and want to get it signed
>
> More important than whether your certificate gets signed is who signs
> the certificate, who they are connected to, and so on.
>
> Some people will sign almost anything.
Hi Marcus,
> Ok, I'm not sure whether someone from the Nitrokey team is following this
> list, so I'll contact them and ask them to reproduce this. The card claims
> to support 4096bit and since the key is on the card it should be possible
> to use it, too... Fingers crossed... ;)
I got a heads-up
> I create for myself a gpg key and want to get it signed
More important than whether your certificate gets signed is who signs
the certificate, who they are connected to, and so on.
Some people will sign almost anything. People who get a reputation for
signing anything develop a reputation for
Hello,
I create for myself a gpg key and want to get it signed, however I've
sent out half a dozen requests and so far I've gotten only negative
responses to the effect that I must know so-and-so and we must met in
person (considering that the person responds at all).
Now, I'm a student (think penn
Le 2015/09/30 16:10 +0200, Peter Lebbing a écrit:
> Yes. I have no experience in highly available services, let alone GnuPG in
> one.
> I'm just an enthousiast. I don't know if an OpenPGP Card is suitable (yet?)
> for
> situations where it is critical it always works. Since I upgraded to 2.1 on m
On 30/09/15 15:37, Laurent Blume wrote:
> Ultimately, a lot will depend on that, LUKS volumes, file encryption
> before transfer (GPG and SMIME), Apache secret keys (I've not dared yet
> think about that one), maybe some others if the PCI auditor feels like it.
Yes. I have no experience in highly
Le 2015/09/30 14:45 +0200, Peter Lebbing a écrit:
> Processes dying tend to cause breakages in general. The issue here,
> though, is indeed that simply restarting the process isn't enough.
> That's where a custom pinentry could help.
>
> In principle, it's not difficult to set up. If you want to a
On 30/09/15 14:04, Laurent Blume wrote:
> There are human resource issues there, but let's focus on the technical
> side.
Yes, I realise that.
> I've thought about it, but it's not that obvious to set up. It depends
> on scdaemon, which is started by gpg-agent.
> It means I would need to create a
Le 2015/09/30 13:19 +0200, Peter Lebbing a écrit:
> On 30/09/15 11:20, Laurent Blume wrote:
>> I really, really need it to be non-interactive.
>
> You can't unlock the card when the server is booted and then leave it
> unlocked for the whole time the server is up? You could do it in an SSH
> sessi
On 30/09/15 11:20, Laurent Blume wrote:
> I really, really need it to be non-interactive.
You can't unlock the card when the server is booted and then leave it
unlocked for the whole time the server is up? You could do it in an SSH
session, when correctly set up.
The OpenPGP Card does not permit
On 30/09/15 02:17, NIIBE Yutaka wrote:
> Perhaps, if there are some demands, I should write U2F module using
> gpg-agent (and revive Scute, accordingly). I believe that this is a
> way to go, for those users who want to consolidate things cleanly.
Personally, my main interest lies with authentica
Le 2015/09/30 01:39 +0200, Niibe Yutaka a écrit:
> As far as I know, you can't provide a PIN by command line.
>
> You can provide passphrase from file for symmetric encryption, though.
>
> Instead, you can unlock your smartcard beforehand, interactively.
I really, really need it to be non-intera
Hi !
concerning PAM authentification with SSH,
you may want to give a try to libpam-ssh
Jerome
On 30/09/15 02:17, NIIBE Yutaka wrote:
> Hello,
>
> Yesterday, I included my answer to your question to a different
> thread. I should have replied to this post.
>
> I think that your question is re
14 matches
Mail list logo
