On 2015/10/01 13:07 +0200, Niibe Yutaka wrote:
> I think that Nitrokey series would be a right solution, both for
> hardware-wise and their perspective.
So far, looks good, so I'm hopeful :)
> As Peter suggested, I feel that your use case is not directly related
> to OpenPGP. It seems that you
Hello,
While the discussion proceeds, I can't determine which post I should
reply to. Well, I think I'll reply to this post.
On 09/30/2015 10:37 PM, Laurent Blume wrote:
> The thing is, I asked around (on some other lists), and had a look at
> HSMs, we even have a hundred thousand € worth of HSM, us
On 2015/09/30 16:10 +0200, Peter Lebbing wrote:
> Yes. I have no experience in highly available services, let alone GnuPG in
> one.
> I'm just an enthusiast. I don't know if an OpenPGP Card is suitable (yet?) for
> situations where it is critical it always works. Since I upgraded to 2.1 on m
On 30/09/15 15:37, Laurent Blume wrote:
> Ultimately, a lot will depend on that, LUKS volumes, file encryption
> before transfer (GPG and SMIME), Apache secret keys (I've not dared yet
> think about that one), maybe some others if the PCI auditor feels like it.
Yes. I have no experience in highly
On 2015/09/30 14:45 +0200, Peter Lebbing wrote:
> Processes dying tend to cause breakages in general. The issue here,
> though, is indeed that simply restarting the process isn't enough.
> That's where a custom pinentry could help.
>
> In principle, it's not difficult to set up. If you want to a
On 30/09/15 14:04, Laurent Blume wrote:
> There are human resource issues there, but let's focus on the technical
> side.
Yes, I realise that.
> I've thought about it, but it's not that obvious to set up. It depends
> on scdaemon, which is started by gpg-agent.
> It means I would need to create a
On 2015/09/30 13:19 +0200, Peter Lebbing wrote:
> On 30/09/15 11:20, Laurent Blume wrote:
>> I really, really need it to be non-interactive.
>
> You can't unlock the card when the server is booted and then leave it
> unlocked for the whole time the server is up? You could do it in an SSH
> sessi
On 30/09/15 11:20, Laurent Blume wrote:
> I really, really need it to be non-interactive.
You can't unlock the card when the server is booted and then leave it
unlocked for the whole time the server is up? You could do it in an SSH
session, when correctly set up.
The OpenPGP Card does not permit
On 2015/09/30 01:39 +0200, Niibe Yutaka wrote:
> As far as I know, you can't provide a PIN by command line.
>
> You can provide passphrase from file for symmetric encryption, though.
>
> Instead, you can unlock your smartcard beforehand, interactively.
I really, really need it to be non-intera
On 09/30/2015 04:00 AM, Laurent Blume wrote:
> Non-interactively, however, I can't get it to work: gpg-agent always
> spawns a pinentry in the background, and gpg waits for it indefinitely,
> instead of using the PIN provided on the command line.
As far as I know, you can't provide a PIN by comman
Hello all,
I'm trying to set up automatic file decryption using a smartcard to store
the private key.
Interactively, it all works fine, I get the PIN request, enter it,
decryption works, all good.
Non-interactively, however, I can't get it to work: gpg-agent always
spawns a pinentry in the backg