Todd Zullinger
8447ff7b99
Note GPG bug when creating NIST auth/sign subkeys
...
Users who wish to create NIST auth or sign subkeys using the
`--quick-add-key` command are likely to trip over a long-standing GPG
bug¹ which results in the following error:
    $ gpg --expert --quick-add-key [fpr] nistp256 sign
    gpg: Key generation failed: Wrong key usage
    gpg: Key not changed so no update needed.
Help readers by noting the documented workaround. The GPG bug has been
open since July 2018. Unfortunately, it seems unlikely to be fixed
anytime soon.
¹ https://dev.gnupg.org/T4052
Signed-off-by: Todd Zullinger <tmz@pobox.com>
2022-10-05 17:23:46 -04:00
Konstantin Ryabitsev
0e769e1426
Merge pull request #44 from Tachi107/patch-1
...
protecting-code-integrity: fix typo in subtitle
2022-07-26 13:54:44 -04:00
Andrea Pappacoda
1e6e85aebb
protecting-code-integrity: fix typo in subtitle
...
cerification -> certification
Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
2022-07-26 19:32:41 +02:00
Konstantin Ryabitsev
e536c34df0
Merge branch 'master' of https://github.com/mricon/itpol into mricon-master
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 15:12:38 -04:00
Konstantin Ryabitsev
bc0503d8bf
Update the code integrity guide for 2021
...
- Remove traces of gnupg-1.4, as everything is finally gnupg-2.x
- Switch to using ECC cryptography for the subkeys
- Stop calling the certification subkey the "master key" as it's a
bad analogy and that terminology isn't used anywhere in GnuPG docs
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 12:41:52 -04:00
salah3x
f879c68248
Add a table of contents to each guide
...
Signed-off-by: salah3x <salah.loukili@gmail.com>
2021-05-13 10:33:07 -04:00
Trevor Bramwell
19b027f63a
Fix Broken links to Announcement
...
The hosting space for the initial blog post announcing this work was
moved, and a redirect put in place. That redirect appears to have
stopped, or the article moved again. Either way, this appears to be the
canonical location of the article.
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2021-05-13 10:32:37 -04:00
Alexey Kopytko
4ca8b99e0b
Update protecting-code-integrity.md
...
Reset code is not for resetting the card to defaults. It is used to unblock the card after too many attempts to enter a user PIN code without an admin PIN.
From the developer:
http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-of-reset-code-optional
2021-05-13 10:32:37 -04:00
Konstantin Ryabitsev
6ff6fdad73
Use -o instead of stdout redirect with paperkey
...
Using -o makes sure that the file is created with 0600 permissions
instead of whatever the default umask setting is.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 10:32:33 -04:00
Konstantin Ryabitsev
31afef433d
Remove kernel-developer-pgp-guide
...
This document is now part of the official kernel documentation found
here:
https://www.kernel.org/doc/html/latest/process/maintainer-pgp-guide.html
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 10:27:24 -04:00
Andrew Grimberg
6c293acc00
Merge pull request #34 from salah3x/master
...
Add a table of contents to each guide
2020-05-11 09:13:28 -07:00
salah3x
11ed0bf162
Add a table of contents to each guide
...
Signed-off-by: salah3x <salah.loukili@gmail.com>
2020-05-10 07:14:30 +00:00
Andrew Grimberg
d6737c777e
Merge pull request #30 from bramwelt/master
...
Fix Broken links to Announcement
2019-04-16 09:19:05 -07:00
Trevor Bramwell
180a2fd99f
Fix Broken links to Announcement
...
The hosting space for the initial blog post announcing this work was
moved, and a redirect put in place. That redirect appears to have
stopped, or the article moved again. Either way, this appears to be the
canonical location of the article.
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2019-04-15 11:37:35 -07:00
Konstantin Ryabitsev
ff92fae080
Merge pull request #29 from sanmai/patch-1
...
Remove reset code instructions (erroneous info)
2019-04-08 13:03:31 -04:00
Alexey Kopytko
6e27a0f9ae
Update protecting-code-integrity.md
...
Reset code is not for resetting the card to defaults. It is used to unblock the card after too many attempts to enter a user PIN code without an admin PIN.
From the developer:
http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-of-reset-code-optional
2019-04-08 16:49:49 +09:00
Konstantin Ryabitsev
51026930ef
Use -o instead of stdout redirect with paperkey
...
Using -o makes sure that the file is created with 0600 permissions
instead of whatever the default umask setting is.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-31 20:40:03 -05:00
Konstantin Ryabitsev
51be7788df
Minor wording tweaks
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-26 11:59:28 -05:00
Konstantin Ryabitsev
2158dc39b2
Rework free software/audience paragraph
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 16:50:44 -05:00
Konstantin Ryabitsev
a4924d87b5
ECC support is in GnuPG 2.1+, not v2 in general
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 16:23:43 -05:00
Konstantin Ryabitsev
319a4729a3
Wording on the kernel guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 12:04:31 -05:00
Konstantin Ryabitsev
6747fadc24
Finish up the kernel developer PGP guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 11:54:52 -05:00
Konstantin Ryabitsev
7b5b243a37
Almost done on the kernel guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-24 17:23:23 -05:00
Konstantin Ryabitsev
85ae656965
Start work on kernel-specific guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-23 16:13:43 -05:00
Konstantin Ryabitsev
9ebcdf3b75
Minor tweaks and take out of BETA
...
Protecting code integrity is ready to go production.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-23 10:50:52 -05:00
Konstantin Ryabitsev
1d3b58d17a
Tweak some wording
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-18 16:41:38 -05:00
Konstantin Ryabitsev
7c7477f20c
What is git PGP integration trying to solve?
...
Per question in #28, explain why git and pgp integration are useful.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-18 16:32:31 -05:00
Konstantin Ryabitsev
126e4f0b5d
Add a note that cp on sockets will fail, but is ok
...
Per issue #25.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-18 08:32:17 -05:00
Konstantin Ryabitsev
8a9d547d3e
Explain why master key is 4096 bits
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-18 08:28:38 -05:00
Konstantin Ryabitsev
d859f24c82
Merge pull request #26 from henrich/master
...
Add GPG4Win installation for Windows Platform
2017-12-18 08:15:17 -05:00
Hideki Yamane
f302bf3478
Add GPG4Win installation for Windows Platform
2017-12-17 13:22:56 +09:00
Konstantin Ryabitsev
e836303976
Merge pull request #24 from ftheile/patch-1
...
Use `--homedir` consistently
2017-12-15 13:53:54 -05:00
Frank Theile
1c36837f07
Use `--homedir` consistently
2017-12-15 18:16:41 +01:00
Konstantin Ryabitsev
304cd46a38
Merge pull request #23 from ftheile/patch-2
...
Master key backup: use consistent mount point in all examples
2017-12-15 09:20:28 -05:00
Konstantin Ryabitsev
eaf82430cd
Merge pull request #22 from ftheile/patch-1
...
Always use `~` instead of `$HOME` for consistency
2017-12-15 09:20:01 -05:00
Frank Theile
3162817e7c
Master key backup: use consistent mount point in all examples
2017-12-15 08:53:25 +01:00
Frank Theile
6c208d9583
Always use `~` instead of `$HOME` for consistency
2017-12-15 08:15:11 +01:00
Konstantin Ryabitsev
790759787e
Typo and wording fixes
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-14 15:08:16 -05:00
Konstantin Ryabitsev
e44163234d
Add TRANSLATIONS file
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-14 14:28:01 -05:00
Konstantin Ryabitsev
1501d8869d
Set status CURRENT/BETA/OUTDATED
...
Need to mark that the protecting-code-integrity document is not quite
ready to be called final product.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:44:35 -05:00
Konstantin Ryabitsev
eafaf6ccc1
Tweak verbiage
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:37:41 -05:00
Konstantin Ryabitsev
501e4ceb88
Remove the zh_CN translation
...
It's obsolete and I have decided not to track these in the same repo.
Please publish your own forks with translated documents and I will
create a translations.md file with links.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:18:09 -05:00
Konstantin Ryabitsev
3148a35dda
Add U2F section and tweak wks-security doc
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:16:44 -05:00
Konstantin Ryabitsev
34233e9d81
Move to protecting-code-integrity
...
Largely finishes the document -- will work on updated content in
"trusted team communication" and by reviewing the workstation security
guide.
We need at least a basic workstation security guide for the Mac systems.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-12 16:54:03 -05:00
Konstantin Ryabitsev
9d61a13f1c
Edits and a privacy note for keyservers
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-11 14:07:21 -05:00
Konstantin Ryabitsev
f35667dddc
Add large chunk of git+pgp content
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-08 17:18:53 -05:00
Konstantin Ryabitsev
62815ea38e
Largely finish the PGP/smartcard section
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-07 15:53:50 -05:00
Konstantin Ryabitsev
a93d12f80a
Add more GnuPG bits
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-06 17:07:14 -05:00
Konstantin Ryabitsev
c51f664e8e
More base PGP work
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-05 16:37:05 -05:00
Konstantin Ryabitsev
526b138907
Start on Developer Security Hygiene
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-04 16:46:02 -05:00