[Freedombox-discuss] Creating Box Identity Keys

Why not just generate high amounts of entropy on a constant basis?  Create the keys when the user account gets created? That's the approach we (Free Network Foundation) are taking with the AutoTunnel system.

Nick Daly <nick.m.daly at gmail.com> wrote:

>For the FBX to be able to enforce identity standards, we need to
>guarantee that SSH and PGP keys are available for each user (in the
>users group) on boxen at all times.  This can be enforced by a simple
>cron job that scans each user's home directory every hour or so and
>creates the keys users need if they don't exist.  To do that, we'd need
>to get the information we need to create the key from the user ahead of
>time and pass it into the key creation tool.
>
>The good news is that, if we do this sort of key creation in the
>background, over time, we don't get hung up on the fact that we don't
>have enough entropy when the box boots: keys will be continuously
>created as entropy becomes available.  This'll consume a lot of
>so it's good that we only need to do it once per user.
>
>- Do we need other types of keys?
>- How does "gpg --gen-key --batch" work?
>- Does the entire structure work at all?  What complications am I
>  missing?  The locking might be a bit tricky, but hardly impossible.
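
The hourly scan described in the quoted message, written out as an added example (not part of either post, and not FreedomBox or AutoTunnel code), including the parameter file that `gpg --batch --gen-key` reads. The `~/.fbx-identity` file, the `~/.keygen.lock` directory and the key types and sizes are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not FreedomBox code. Hypothetical names: ~/.fbx-identity
# (line 1 real name, line 2 e-mail, collected ahead of time), ~/.keygen.lock.
HOME_ROOT=${HOME_ROOT:-/home}
SSH_KEYGEN=${SSH_KEYGEN:-ssh-keygen}
GPG=${GPG:-gpg}

# Parameter file for GnuPG unattended generation ("gpg --batch --gen-key").
# %no-protection (GnuPG 2.1+) means no passphrase, as does ssh-keygen -N ''.
gpg_params() {  # $1 = real name, $2 = e-mail
    cat <<EOF
%no-protection
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: $1
Name-Email: $2
Expire-Date: 2y
%commit
EOF
}

# Create whichever keys one user is missing; a no-op when both exist.
ensure_keys() {  # $1 = home directory
    home=$1 lock=$1/.keygen.lock name='' email=''
    [ -r "$home/.fbx-identity" ] || return 0    # identity not collected yet
    { read -r name; read -r email; } < "$home/.fbx-identity" || :
    [ -n "$name" ] && [ -n "$email" ] || return 0
    mkdir "$lock" 2>/dev/null || return 0       # atomic lock: another run is busy
    mkdir -p "$home/.ssh" "$home/.gnupg" && chmod 700 "$home/.ssh" "$home/.gnupg"
    [ -f "$home/.ssh/id_ed25519" ] ||
        "$SSH_KEYGEN" -q -t ed25519 -N '' -C "$email" -f "$home/.ssh/id_ed25519"
    "$GPG" --homedir "$home/.gnupg" --batch --list-secret-keys "$email" >/dev/null 2>&1 ||
        gpg_params "$name" "$email" | "$GPG" --homedir "$home/.gnupg" --batch --gen-key
    # As root, hand the new files to the account that owns the home directory.
    [ "$(id -u)" -ne 0 ] ||
        chown -R "$(ls -ld "$home" | awk '{print $3}')" "$home/.ssh" "$home/.gnupg"
    rmdir "$lock"
}

# Entry point for the hourly cron job: "<script> --scan".
scan_all() {
    for h in "$HOME_ROOT"/*/; do
        [ -d "$h" ] || continue
        ensure_keys "${h%/}"
    done
}
if [ "${1:-}" = "--scan" ]; then scan_all; fi
```

A run that is killed while generating leaves `.keygen.lock` behind, so a deployment also needs a stale-lock check before relying on this.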
