Written on 12 Jul 2014, 5 min read.
2014 and it’s still annoyingly hard to find a reasonable GPG key management system for personal use… All I want is to keep the key material isolated from any Internet connected host, without requiring me to jump through major inconvenience every time I want to use the key.
An HSM/Smartcard of some sort is an obvious choice, but they all suck in their own ways:
- FSFE smartcard – it’s a smartcard, requires a reader, which are generally not particularly portable compared to a USB stick.
- Yubikey Neo – restricted to 2048 bits, doesn’t allow imports of primary keys (only subkeys), so you either generate on device and have no backup, or maintain some off-device primary key with only subkeys on the Neo, negating the main benefits of it in the first place.
- Smartcard HSM – similar problems to the Neo, plus not really supported by GPG well (needs 2.0 with specific supporting module version requirements).
- Cryptostick – made by some Germans, sounds potentially great, but perpetually out of stock.
Which leaves basically only the “roll your own” dm-crypt+LUKS usb stick approach. It obviously works well, and is what I currently use, but it’s a bunch of effort to maintain, particularly if you decide, as I have, that the master key material can never touch a machine with a network connection. The implication is that you now need to keep an airgapped machine around, and maintain a set of subkeys that are OK for use on network connected machines to avoid going mad playing sneakernet for every package upload.
Written on 26 Jun 2009, 2 min read.
From the better late than never category… I finally got around to signing keys from the LCA2006 key signing party, the verification sheet from which has travelled with me from NZ to Dublin and then sat on my desk for a few years. I inevitably lost a few of my notes and verifications along the way, so if you were still expecting a signature from me and didn’t get one let me know!
Written on 24 Feb 2009, 6 min read.
I was very pleased to wake up this morning to the news that National has delayed the introduction of S92A via an order-in-council. It’s a nice short-term victory, but I’ll save the champagne until the law is fundamentally rewritten.
The most pleasing aspect of the decision is simply that it was made at all. Within two weeks, a small band of protesters were able to harness the power of the Internet to direct international attention and place enough pressure on a Government, whose Prime Minister admitted to not having read the bill prior, that he then took the time to understand the issues and personally announce the delay in implementation of the law. We owe much thanks to the Creative Freedom Foundation for all the effort they put into co-ordinating the protest and ensuring that a single coherent message was presented. Just a little bit of my cynicism and belief that politicians never listen to public opinion outside of election campaigns was chipped away today.
Written on 08 Sep 2008, 6 min read.
It’s been a while since I last acquired new gadgets but I think I’ve made up for lost time with my last week’s purchases.
You may remember that I’ve had my eye on the Openmoko phones since early 2007, but in between shifting across the world and starting a new job I never got around to purchasing one of the first versions. The second version, the “Freerunner”, was released in June this year and I placed an order with Pulster, a local distributor, shortly after. The phones have been in hot demand, so I only received my phone last week, a wait of almost 2 months, and it turned up missing one of the cables that was meant to come with it. Still some distribution kinks to be worked out.
Written on 13 Jul 2008, 2 min read.
On hardy after the latest round of updates:
matt@krypton:~$ dpkg -s flashplugin-nonfree | grep Version
Version: 10.0.1.218+10.0.0.525ubuntu1~hardy1+really9.0.124.0ubuntu2
Granted this package is in hardy-backports not hardy proper, but still, what on earth?!?!
Well, it’s documented in the changelog on https://edge.launchpad.net/ubuntu/+source/flashplugin-nonfree. Ubuntu more or less refrains from using epochs unilaterally[0]. This upload was done to undo a bad backport to hardy, i.e. an old version (9.0.124.0ubuntu2) was uploaded to supersede one with a higher version number (10.0.1.218+10.0.0.525ubuntu1~hardy1).
Written on 29 Mar 2007, 5 min read.
- - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
e0acebd2-71f1-4df8-ae4d-50355ad7aa81
[ 6 ] Choice 1: Wouter Verhelst
[ 6 ] Choice 2: Aigars Mahinovs
[ 3 ] Choice 3: Gustavo Franco
[ 3 ] Choice 4: Sam Hocevar
[ 2 ] Choice 5: Steve McIntyre
[ 4 ] Choice 6: Raphaël Hertzog
[ 1 ] Choice 7: Anthony Towns
[ 6 ] Choice 8: Simon Richter
[ 5 ] Choice 9: None Of The Above
- - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
My rationale follows, if you care…