
Re: hardware tokens and subkey rotation [was: Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)]



On Thu, 2018-04-19 at 11:44 -0700, Daniel Kahn Gillmor wrote:
> [ adding James in Cc, but this is now so far off-topic that it'll be my
>   last on-list e-mail to this thread ]
> 
> On Wed 2018-04-18 22:55:17 +0200, Philipp Kern wrote:
> > I think the work James Bottomley is doing on TPM2 would help with this,
> > once merged into gnupg2 at some point in the future. In that case
> > multiple key blobs can be sealed to the crypto chip in your laptop and
> > you can have as many as you want. And the crypto operations do not run
> > on the main CPU.
> > 
> > Alas I was a little disappointed that most of the things he talks about
> > were not yet merged upstream in the various projects he provides patches
> > for. Despite doing the right thing and proposing them in the right
> > venues. ;-)
> 
> we should get those patches upstreamed then :)
> 
> I've just pinged the gnupg-devel mailing list to see if we can re-start
> the discussion of them.

So for gnupg, it already has its own branch: tpm-work in gnupg.

The blocker is that Werner wants it daemonized via assuan rather than
directly linked, so I'm working on that, but it's slow going because the
daemons have rather a lot of cruft I have to port along with the code.

James

