making a Debian Live CD for managing GnuPG master key and smartcards

Daniel Pocock daniel at pocock.pro
Tue Apr 26 13:16:18 CEST 2016 


On 26/04/16 12:52, Dashamir Hoxha wrote:
> On Tue, Apr 26, 2016 at 9:53 AM, Daniel Pocock <daniel at pocock.pro
> <mailto:daniel at pocock.pro>> wrote:
> 
> 
>     There has been some discussion on debian-devel[1] about making a
>     bootable Debian Live CD specifically for GnuPG
> 
>     The benefit is that everything on the CD is self-contained, it can't be
>     tampered with, it can run without network support in the kernel and the
>     workflow would be controlled by a script.  All the details, including
>     workflow, are described in a wiki[2]
> 
>     I have some questions about this:
> 
>     - has anybody already seen anything like this?  Nobody likes
>     re-inventing the wheel
> 
>     - can we call all the necessary GnuPG commands from a script without the
>     user interacting directly with GnuPG, using "--batch" / unattanded
>     operation?  The sequence of commands involved would be similar to this
>     blog[3]
> 
>     - what would be the preferred way for the GUI to obtain and keep the
>     master key passphrase without prompting the user to re-enter it for
>     every operation?
> 
>     - would anybody else like to suggest improvements to the workflow?
> 
> 
> A project similar in goals (simplifying GnuPG by automating tasks and
> emphasising best practices) is this one: https://github.com/dashohoxha/egpg
> You can find the answer to some of the questions above by looking at its
> code.
> But I really think that you can incorporate it in your project, maybe
> extending it with new workflows that it doesn't have yet (related to
> using smartcards etc.).
> 
> In my opinion, the first thing to be done is to build a .deb package for
> it, so that it can be installed easily on all Debian derived systems,
> then you can also use it in your special Live CD system.
> This is the task about it: https://github.com/dashohoxha/egpg/issues/19
> 

Thanks for pointing this out

Could you add a section to the wiki about this, with an itemized list of
the tasks that need to be done, e.g.

 * packaging egpg and uploading to Debian
  * anybody can upload it to https://mentors.debian.net for a DD to sponsor
 * creating whiptail front-end for egpg
 * creating smartcard support for egpg

Please add any other individual tasks that would be necessary

Regards,

Daniel

More information about the Gnupg-users mailing list