<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] PGP keys and package signing
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131165111.GJ21938%40mars-attacks.org%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="002388.html">
<LINK REL="Next" HREF="002382.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] PGP keys and package signing</H1>
<B>nicolas vigier</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131165111.GJ21938%40mars-attacks.org%3E"
TITLE="[Mageia-dev] PGP keys and package signing">boklm at mars-attacks.org
</A><BR>
<I>Mon Jan 31 17:51:11 CET 2011</I>
<P><UL>
<LI>Previous message: <A HREF="002388.html">[Mageia-dev] PGP keys and package signing
</A></li>
<LI>Next message: <A HREF="002382.html">[Mageia-dev] BS down
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#2394">[ date ]</a>
<a href="thread.html#2394">[ thread ]</a>
<a href="subject.html#2394">[ subject ]</a>
<a href="author.html#2394">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On Mon, 31 Jan 2011, Michael Scherer wrote:
><i> > So I propose that we use two keys :
</I>><i> > - We sign all packages from all repositories using only one key. This
</I>><i> > key is stored on the buildsystem. We can call it <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org.</A>
</I>><i> > - We have another key, that we call <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org.</A> This key is
</I>><i> > not used on any online server, and is supposed to never be changed,
</I>><i> > and should not be compromised. Only a few people have a copy of this
</I>><i> > key (some people from board ?), kept on a usb key hidden somewhere, but
</I>><i> > not on their laptop or any computer with internet connection. This key
</I>><i> > is used to sign the key <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org</A> (and revoke it if needed),
</I>><i> > and other official keys of the project, but never used for anything
</I>><i> > else (not for receiving encrypted messages). And the signature is
</I>><i> > sent on public keyservers.
</I>><i>
</I>><i> If we want to sign the key, we will have a network connection, no ?
</I>
We can sign it, and copy the signed key on another computer to upload
it. Doing something like this :
- We have Computer A with internet connection.
- We have Computer B without internet connection, running on a livecd
with tmpfs
- On computer A: we download the packages@ public key, and the public
key of all board members (if needed), and save this on a USB key
- On computer B: we use the USB key to import all public keys in keyring
- On computer B: We generate the board@ key
- On computer B: We sign the packages@ key using board@ key
- On computer B: We save the signed packages@ key, and public board@
key on the USB key
- On computer A: We use the USB key to upload the signed packages@ key,
and board@ key on keyservers
- On computer B: We encrypt the board@ private key using public key of
board members or Shamir secret sharing, and copy the encrypted files on
USB keys to give them to board members
- We destroy computer B (or alternatively we simply turn it off to
remove tmpfs)
><i> > If we decide to do this, someone from board could generate the key next
</I>><i> > week at fosdem after the election, save it on usb key for other board
</I>><i> > members, and give the fingerprint to everybody to sign the key.
</I>><i>
</I>><i> I would rather make sure that the key cannot be used by only one board
</I>><i> member. Not that I do not trust people for that ( they are the board
</I>><i> after all ), but it would be safer to have it distributed and resilient
</I>><i> if someone steals the key ( like a burglar, etc ).
</I>><i>
</I>><i> Maybe having it password-protected should be sufficient ( except if people
</I>><i> forget that password, or stick it to the key ).
</I>><i>
</I>><i> Pascal proposed to use <A HREF="https://store.ironkey.com/personal">https://store.ironkey.com/personal</A> , on the
</I>><i> thread
</I>><i> <A HREF="https://www.mageia.org/pipermail/mageia-sysadm/2011-January/002155.html">https://www.mageia.org/pipermail/mageia-sysadm/2011-January/002155.html</A>
</I>><i>
</I>><i> Another last solution to prevent theft would be to use Shamir secret
</I>><i> sharing ( as also said in the other thread, but maybe I am too insistent
</I>><i> on this wonderful cryptographic invention ). This way, people would have
</I>><i> to steal several parts of the file to get something usable.
</I>><i> ( for Harry Potter fans, think of horcruxes )
</I>
Oops, I should have mentioned this thread in the 1st mail (but didn't
find it yesterday).
><i> And also, I think we should routinely make sure the key is readable
</I>><i> ( ie, that people know where it is, and the support is still good ), so
</I>><i> we do not discover one day that half the key keepers lost the key while
</I>><i> moving, thinking someone else had it, and the other half stored it near
</I>><i> a magnet, rendering it unreadable.
</I>
Maybe we could test it every year at fosdem ?
</PRE>
<!--endarticle-->
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>