Users who wish to create NIST auth or sign subkeys using the
`--quick-add-key` command are likely to trip over a long-standing GPG
bug¹ which results in the following error:

    $ gpg --expert --quick-add-key [fpr] nistp256 sign
    gpg: Key generation failed: Wrong key usage
    gpg: Key not changed so no update needed.

Help readers by noting the documented workaround. The GPG bug has been
open since July 2018. Unfortunately, it seems unlikely to be fixed
anytime soon.
¹ https://dev.gnupg.org/T4052
Signed-off-by: Todd Zullinger <tmz@pobox.com>
- Remove traces of gnupg-1.4, as everything is finally gnupg-2.x
- Switch to using ECC cryptography for the subkeys
- Stop calling the certification subkey the "master key" as it's a
  bad analogy and that terminology isn't used anywhere in GnuPG docs
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Using -o makes sure that the file is created with 0600 permissions
instead of whatever the default umask setting is.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Need to mark that the protecting-code-integrity document is not quite
ready to be called final product.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Largely finishes the document -- will work on updated content in
"trusted team communication" and by reviewing the workstation security
guide.
We need at least a basic workstation security guide for the Mac systems.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-12 16:54:03 -05:00
Renamed from developer-security-hygiene.md