making a Debian Live CD for managing GnuPG master key and smartcards

Daniel Pocock daniel at pocock.pro
Tue Apr 26 09:53:06 CEST 2016


There has been some discussion on debian-devel[1] about making a
bootable Debian Live CD specifically for GnuPG.

The benefit is that everything on the CD is self-contained, it can't be
tampered with, it can run without network support in the kernel and the
workflow would be controlled by a script.  All the details, including
workflow, are described in a wiki[2].

I have some questions about this:

- has anybody already seen anything like this?  Nobody likes
re-inventing the wheel

- can we call all the necessary GnuPG commands from a script without the
user interacting directly with GnuPG, using "--batch" / unattended
operation?  The sequence of commands involved would be similar to this
blog[3]

- what would be the preferred way for the GUI to obtain and keep the
master key passphrase without prompting the user to re-enter it for
every operation?

- would anybody else like to suggest improvements to the workflow?

1. https://lists.debian.org/msgid-search/571DD206.1070502@pocock.pro
2. https://wiki.debian.org/OpenPGP/CleanRoomLiveEnvironment
3. https://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/


