CodeMirror/itpol
1
0
Fork 0
mirror of synced 2024-05-18 19:33:03 +12:00
Code Issues Projects Releases Wiki Activity
94 commits 1 branch 0 tags 314 KiB
Commit graph

24 commits

Author SHA1 Message Date
Colin Walters 5f312376b7
Merge b2e45bc641 into 0e769e1426 2022-08-18 16:10:43 +08:00
Andrea Pappacoda 1e6e85aebb
protecting-code-integrity: fix typo in subtitle 
cerification -> certification

Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
 2022-07-26 19:32:41 +02:00
Konstantin Ryabitsev bc0503d8bf
Update the code integrity guide for 2021 
- Remove traces of gnupg-1.4, as everything is finally gnupg-2.x
- Switch to using ECC cryptography for the subkeys
- Stop calling the certification subkey the "master key" as it's a
  bad analogy and that terminology isn't used anywhere in GnuPG docs

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2021-05-13 12:41:52 -04:00
salah3x f879c68248 Add a table of contents to each guide 
Signed-off-by: salah3x <salah.loukili@gmail.com>
 2021-05-13 10:33:07 -04:00
Alexey Kopytko 4ca8b99e0b Update protecting-code-integrity.md 
Reset code is not for resetting the card to defaults. It is used to unblock the card after to many attempts to enter a user PIN code without an admin PIN.

From the developer:

http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-of-reset-code-optional
 2021-05-13 10:32:37 -04:00
Konstantin Ryabitsev 6ff6fdad73 Use -o instead of stdout redirect with paperkey 
Using -o makes sure that the file is created with 0600 permissions
instead of whatever the default umask setting is.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2021-05-13 10:32:33 -04:00
Konstantin Ryabitsev 2158dc39b2
Rework free software/audience paragraph 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-25 16:50:44 -05:00
Konstantin Ryabitsev 6747fadc24
Finish up the kernel developer PGP guide 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-25 11:54:52 -05:00
Konstantin Ryabitsev 9ebcdf3b75
Minor tweaks and take out of BETA 
Protecting code integrity is ready to go production.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-23 10:50:52 -05:00
Konstantin Ryabitsev 1d3b58d17a
Tweak some wording 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-18 16:41:38 -05:00
Konstantin Ryabitsev 7c7477f20c
What is git PGP integration trying to solve? 
Per question in #28, explain why git and pgp integration are useful.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-18 16:32:31 -05:00
Konstantin Ryabitsev 126e4f0b5d
Add a note that cp on sockets will fail, but is ok 
Per issue #25.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-18 08:32:17 -05:00
Konstantin Ryabitsev 8a9d547d3e
Explain why master key is 4096 bits 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-18 08:28:38 -05:00
Hideki Yamane f302bf3478
Add GPG4Win installation for Windows Platform 2017-12-17 13:22:56 +09:00
Frank Theile 1c36837f07
Use --homedir consistently 2017-12-15 18:16:41 +01:00
Konstantin Ryabitsev 304cd46a38
Merge pull request #23 from ftheile/patch-2 
Master key backup: use consistent mount point in all examples
 2017-12-15 09:20:28 -05:00
Frank Theile 3162817e7c
Master key backup: use consistent mount point in all examples 2017-12-15 08:53:25 +01:00
Frank Theile 6c208d9583
Always use ~ instead of $HOME for consistency 2017-12-15 08:15:11 +01:00
Colin Walters b2e45bc641 code-integrity: Link to git-evtag 
This doc mentions the SHA1 for example which is something evtag was explicitly
designed to address, and it long predates shatter.io etc.

Yes someday I'll try to find the time to push evtag to git upstream...
 2017-12-14 17:03:53 -05:00
Konstantin Ryabitsev 790759787e
Typo and wording fixes 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-14 15:08:16 -05:00
Konstantin Ryabitsev 1501d8869d
Set status CURRENT/BETA/OUTDATED 
Need to mark that the protecting-code-integrity document is not quite
ready to be called final product.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-13 16:44:35 -05:00
Konstantin Ryabitsev eafaf6ccc1
Tweak verbiage 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-13 16:37:41 -05:00
Konstantin Ryabitsev 3148a35dda
Add U2F section and tweak wks-security doc 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-13 16:16:44 -05:00
Konstantin Ryabitsev 34233e9d81
Move to protecting-coide-integrity 
Largely finishes the document -- will work on updated content in
"trusted team communication" and by reviewing the workstation security
guide.

We need at least a basic workstation security guide for the Mac systems.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-12 16:54:03 -05:00
Renamed from developer-security-hygiene.md (Browse further)