
dedicated live CD for PGP master key management



There are various blogs guiding people to use a Debian Live CD for
managing PGP master keys.

Has anybody thought of making a dedicated live CD image for this
purpose, with some kind of PGP quick setup wizard and attempting to
enforce a sane and secure workflow?

One page I came across suggested using the Tails environment, but it is
not clear that using Tails is a good idea.  The focus of Tails is using
the network anonymously, whereas a PGP master key is intended to assert
your identity and may facilitate tracking you.  Having a different image
for this purpose may be a simple way to maintain a distinction between
these concepts.

Some specific things that the live image could do:
- verifying there is no network connection, no DHCP daemon,
automatically shutting down if a network connection becomes active
- formatting 2 or 3 flash drives in a mirrored configuration (md or
Btrfs) to mount at ~/.gnupg
- formatting another flash drive for distributing the public key
- preparing smart cards
- key renewal
- storing and printing revocation certificate
- asking users for their user ID in a GUI and doing all the necessary
gnupg commands for them
- logging all the gnupg commands for advanced users to inspect
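
The first item in the list above (verify there is no network connection, and shut down if one becomes active) could be checked along these lines. This is an added example, not part of the original message or of any existing live image; `NET_SYSFS`, `ON_ONLINE` and the function names are assumptions of this sketch, and it looks only at link state as exposed by Linux sysfs.

```shell
#!/bin/sh
# Added example: offline guard for a key-management live session.
# NET_SYSFS and ON_ONLINE are assumed knobs of this sketch, not part of any
# existing tool; they let the check run against a constructed sysfs tree.

NET_SYSFS=${NET_SYSFS:-/sys/class/net}
ON_ONLINE=${ON_ONLINE:-"systemctl poweroff"}

# Print every non-loopback interface that currently has link.
# An interface counts as active if operstate is "up" or carrier reads 1.
# Reading carrier fails on an administratively down interface, which is
# treated here as "no link".
active_ifaces() {
    for dir in "$NET_SYSFS"/*; do
        [ -d "$dir" ] || continue
        name=${dir##*/}
        if [ "$name" = "lo" ]; then continue; fi
        state=$(cat "$dir/operstate" 2>/dev/null || echo unknown)
        carrier=$(cat "$dir/carrier" 2>/dev/null || echo 0)
        if [ "$state" = "up" ] || [ "$carrier" = "1" ]; then
            echo "$name"
        fi
    done
}

# Return 0 while offline. If any link is active, log it, run ON_ONLINE
# (power off by default) and return 1.
check_offline() {
    active=$(active_ifaces)
    if [ -z "$active" ]; then return 0; fi
    echo "network link active on:" $active >&2
    $ON_ONLINE
    return 1
}

# Poll every 2 seconds; only runs when the script is invoked with --watch.
if [ "${1:-}" = "--watch" ]; then
    while check_offline; do sleep 2; done
fi
```

A live image would still need to keep network services such as a DHCP client from starting at all; this guard only reacts once a link is already up.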


