
[Freedombox-discuss] Creating Box Identity Keys



For the FBX to be able to enforce identity standards, we need to
guarantee that SSH and PGP keys are available for each user (in the
users group) on boxen at all times.  This can be enforced by a simple
cron job that scans each user's home directory every hour or so and
creates the keys users need if they don't exist.  To do that, we'd need
to get the information we need to create the key from the user ahead of
time and pass it into the key creation tool.

The good news is that, if we do this sort of key creation in the
background, over time, we don't get hung up on the fact that we don't
have enough entropy when the box boots: keys will be continuously
created as entropy becomes available.  This'll consume a lot of entropy,
so it's good that we only need to do it once per user.

- Do we need other types of keys?

- How does "gpg --gen-key --batch" work?

- Does the entire structure work at all?  What complications am I
  missing?  The locking might be a bit tricky, but hardly impossible.

Nick
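
The hourly pass proposed in the message above, sketched as an added example (not part of the original post and not FreedomBox code). It assumes a hypothetical root-owned `STATE_DIR` holding one `<user>.identity` file per user (line 1 real name, line 2 email) collected ahead of time, GnuPG 2.1 or later for `%no-protection`, and unprotected keys so generation can run unattended.

```shell
#!/bin/sh
# Added example. STATE_DIR and "<user>.identity" are hypothetical names; keeping
# them root-owned means cron never reads key parameters from user-writable paths.
STATE_DIR=${FBX_STATE_DIR:-/var/lib/fbx-keygen}

needs_ssh_key() { [ ! -s "$1/.ssh/id_rsa" ]; }        # $1 = home directory

needs_gpg_key() {                                     # $1 = user; true if no secret key
    ! su -l -s /bin/sh -c 'gpg --batch --with-colons --list-secret-keys' "$1" \
        </dev/null 2>/dev/null | grep -q '^sec'
}

gpg_batch_params() {                                  # $1 = real name, $2 = email
    [ -n "$1" ] && [ -n "$2" ] || return 1
    # Refuse multi-line values: every line of a parameter file is a directive.
    case "$1$2" in *'
'*) return 1 ;; esac
    printf '%s\n' '%no-protection' 'Key-Type: RSA' 'Key-Length: 4096' \
        'Subkey-Type: RSA' 'Subkey-Length: 4096' "Name-Real: $1" \
        "Name-Email: $2" 'Expire-Date: 0' '%commit'
}

provision_user() {                                    # $1 = user, $2 = home
    id_file="$STATE_DIR/$1.identity"
    [ -r "$id_file" ] || return 0                     # details not collected yet
    # mkdir is atomic, so a slow earlier run (waiting on entropy) is not doubled.
    mkdir "$STATE_DIR/$1.lock" 2>/dev/null || return 0
    if needs_ssh_key "$2"; then
        su -l -s /bin/sh -c 'mkdir -p -m 700 "$HOME/.ssh" &&
            ssh-keygen -q -t rsa -b 4096 -N "" -f "$HOME/.ssh/id_rsa"' "$1" </dev/null
    fi
    if needs_gpg_key "$1"; then
        # With no file argument, gpg --batch --gen-key reads parameters from stdin.
        gpg_batch_params "$(sed -n 1p "$id_file")" "$(sed -n 2p "$id_file")" |
            su -l -s /bin/sh -c 'gpg --batch --gen-key' "$1"
    fi
    rmdir "$STATE_DIR/$1.lock"
}

main() {
    # Field 4 lists supplementary members only; accounts whose primary group is
    # "users" would need a separate lookup by GID in the passwd database.
    getent group users | cut -d: -f4 | tr ',' '\n' | while read -r user; do
        [ -n "$user" ] || continue
        provision_user "$user" "$(getent passwd "$user" | cut -d: -f6)"
    done
}

if [ "${1:-}" = "--run" ]; then main; fi              # cron entry: script --run
```

A run that is killed mid-generation leaves its lock directory behind, so a production version would also need to detect and clear stale locks.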