Diffstat (limited to 'zarb-ml/mageia-dev/20110131/002394.html')
-rw-r--r-- | zarb-ml/mageia-dev/20110131/002394.html | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/20110131/002394.html b/zarb-ml/mageia-dev/20110131/002394.html new file mode 100644 index 000000000..dfabedb87 --- /dev/null +++ b/zarb-ml/mageia-dev/20110131/002394.html 
@@ -0,0 +1,134 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] PGP keys and package signing + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131165111.GJ21938%40mars-attacks.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="002388.html"> + <LINK REL="Next" HREF="002382.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] PGP keys and package signing</H1> + <B>nicolas vigier</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131165111.GJ21938%40mars-attacks.org%3E" + TITLE="[Mageia-dev] PGP keys and package signing">boklm at mars-attacks.org + </A><BR> + <I>Mon Jan 31 17:51:11 CET 2011</I> + <P><UL> + <LI>Previous message: <A HREF="002388.html">[Mageia-dev] PGP keys and package signing +</A></li> + <LI>Next message: <A HREF="002382.html">[Mageia-dev] BS down +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2394">[ date ]</a> + <a href="thread.html#2394">[ thread ]</a> + <a href="subject.html#2394">[ subject ]</a> + <a href="author.html#2394">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On Mon, 31 Jan 2011, Michael Scherer wrote: + +><i> > So I propose that we use two keys : +</I>><i> > - We sign all packages from all repositories using only one key. This +</I>><i> > key is stored on the buildsystem. 
We can call it <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org.</A> +</I>><i> > - We have an other key, that we call <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org.</A> This key is +</I>><i> > not used on any online server, and is supposed to never be changed, +</I>><i> > and should not be compromised. Only a few people have a copy of this +</I>><i> > key (some people from board ?), kept on a usb key hidden somewhere, but +</I>><i> > not on their laptop or any computer with internet connection. This key +</I>><i> > is used to sign the key <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org</A> (and revoke it if needed), +</I>><i> > and other official keys of the project, but never used for anything +</I>><i> > else (not for receiving encrypted messages). And the signature is +</I>><i> > sent on public keyservers. +</I>><i> +</I>><i> If we want to sign the key, we will have a network connection, no ? +</I> +We can sign it, and copy the signed key on an other computer to upload +it. Doing something like this : + - We have Computer A with internet connection. 
+ - We have Computer B without internet connection, running on a livecd + with tmpfs + - On computer A: we download the packages@ public key, and the public + key of all board members (if needed), and save this on a USB key + - On computer B: we use the USB key to import all public keys in keyring + - On computer B: We generate the board@ key + - On computer B: We sign the packages@ key using board@ key + - On computer B: We save the signed packages@ key, and public board@ + key on the USB key + - On computer A: We use the USB key to upload the signed packages@ key, + and board@ key on keyservers + - On computer B: We encrypt the board@ private key using public key of + board members or shamir secret sharing, and copy the encrypted files on + USB keys to give them to board members + - We destroy computer B (or alternatively we simply turn it off to + remove tmpfs) + +><i> > If we decide to do this, someone from board could generate the key next +</I>><i> > week at fosdem after the election, save it on usb key for other board +</I>><i> > members, and give the fingerprint to everybody to sign the key. +</I>><i> +</I>><i> I would rather make sure that the key cannot be used by only one board +</I>><i> member. Not that I do not trust people for that ( they are the board +</I>><i> after all ), but it would be safer to have it distributed and resilient +</I>><i> if someone steal the key ( like a burglar, etc ). +</I>><i> +</I>><i> Maybe have it password protected should be sufficient ( except if people +</I>><i> forget that password, or stick it to the key ). 
+</I>><i> +</I>><i> Pascal proposed to use <A HREF="https://store.ironkey.com/personal">https://store.ironkey.com/personal</A> , on the +</I>><i> thread +</I>><i> <A HREF="https://www.mageia.org/pipermail/mageia-sysadm/2011-January/002155.html">https://www.mageia.org/pipermail/mageia-sysadm/2011-January/002155.html</A> +</I>><i> +</I>><i> Another last solution to prevent theft would to use shamir secret +</I>><i> sharing ( as also said in the other thread, but maybe I am too insistant +</I>><i> on this wonderful cryptographic invention ). This way, people would have +</I>><i> to steal several part of the file to get something usable. +</I>><i> ( for Harry Potter fan, think of horcruxes ) +</I> +Oops, I should have mentioned this thread in the 1st mail (but didn't +find it yesterday). + +><i> And also, I think we should routinely make sure the key is readable +</I>><i> ( ie, that people know where it is, and the support is still good ), so +</I>><i> we do not discover one day that half the key keeper lost the key while +</I>><i> moving, thinking someone else had it, and the other half stored it near +</I>><i> magnet, rendering it unreadable. +</I> +Maybe we could test it every year at fosdem ? + +</PRE> + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="002388.html">[Mageia-dev] PGP keys and package signing +</A></li> + <LI>Next message: <A HREF="002382.html">[Mageia-dev] BS down +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2394">[ date ]</a> + <a href="thread.html#2394">[ thread ]</a> + <a href="subject.html#2394">[ subject ]</a> + <a href="author.html#2394">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |
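Review bot: In the quoted proposal inside the <PRE> block, the archiver's address obfuscation has turned the key identities into links to the list info page (`<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org.</A>`, and likewise for board at mageia.org), and in the first two occurrences the sentence's full stop ends up inside the link text. This message is the record of which key signs which, so the identities should be plain text ("packages at mageia.org") rather than links to an unrelated page; the unquoted procedure further down already keeps them as packages@ and board@. Separately, both mailto: HREFs in the header (the LINK REL="made" and the author link) carry a raw `&In-Reply-To=`; inside an attribute value that should be `&amp;In-Reply-To=`.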