Tag - PGP


Friday, 3 August, 2018

A Selection of talks from DebConf 2018

This is my selection of talks from DebConf18.

Thursday, 26 July, 2018

at daemon 3.1.23, with some fixes and now a signature

This is the public announcement of release 3.1.23.

I have made some non-public releases of the at daemon for internal development of the Debian package since 3.1.20. This release fixes some reported bugs, and the development was done using http://salsa.debian.org. You can download the tar from here and the signature from here.

The Changelog:

at 3.1.21 (2018-07-23):
  Jose M Calhariz:
        Fix call of fcntl by replacing (long) 1 with FD_CLOEXEC

        Improve atd.service, see bug report 892819

        Remove stale at jobs after a boot.

        Fix some warnings in manpages at.1 and atd.8

        Remove invalid email from man pages.

at 3.1.22 (2018-07-24):
  Jose M Calhariz:
        Draft of a release script

at 3.1.23 (2018-07-24):
  Jose M Calhariz:
        Finalised script to release software.

Add a PGP subkey to Yubikey 4

I have a Yubikey from the job and wanted to start signing git commits without copying my Debian PGP key to the work computer. No, I did not want to create a second-class PGP key just for work. Here are the instructions for someone else to do the same.

On the master computer

  • Create a second home dir for gpg

Because of bug #904596 I recommend moving your GPG home directory out of the way before starting, then copying it back into the original location so that you work on the copy.

mv ~/.gnupg ~/.gnupg.ref
cp -r ~/.gnupg.ref ~/.gnupg
  • Create a subkey just for signing.

Create a subkey (addkey at the gpg> prompt, then save) and take note of its ID.

gpg --edit-key <KEY ID>
  • Move into the Yubikey.

Select the new subkey and move it into the Yubikey.

gpg --edit-key <KEY ID>
key <SUB KEY ID>
keytocard
save
  • Publish the updated PGP Key
gpg --keyserver http://keyserver.ubuntu.com --send-keys <KEY ID>
  • Store the public URL of the key on the Yubikey
gpg --edit-card
admin
url https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=...
  • Back up both GPG home dirs

On your master computer you need to keep using the old GPG home dir, but you need to store both for the future.

mv ~/.gnupg ~/.gnupg.yubikey4
mv ~/.gnupg.ref ~/.gnupg
cd ~
tar cf gnupg-homedir.backup.tar .gnupg .gnupg.yubikey4
  • Test
gpg --armor --sign

Should work without asking for the Yubikey.

  • Wait for the key server to update your public key with the new subkey.

On a new computer

  • Plug in the Yubikey
  • Through the Yubikey, fetch the public PGP key
gpg --edit-card
fetch
  • Test
gpg --armor --sign

Should ask for the Yubikey.
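
The two "Test" steps can also be checked without signing anything, by looking at where GnuPG thinks each secret key lives. The script below is an added example, not part of the original instructions. It assumes the GnuPG 2.1+ `--with-colons` format, where field 15 of a `sec`/`ssb` record is `+`, `#` or a card serial number; the function names, key IDs and serial number are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads the output of
#   gpg --list-secret-keys --with-colons <KEY ID>
# on stdin and reports where each secret key lives.
# Colon fields used: 1 = record type, 5 = key ID, 12 = capabilities,
# 15 = "+" (secret key in this home dir), "#" (secret part absent),
#      or the serial number of the card holding the key.
key_locations() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            if ($15 == "+")      where = "local"
            else if ($15 == "#") where = "absent"
            else if ($15 != "")  where = "card:" $15
            else                 where = "unknown"
            print $1, $5, ($12 == "" ? "-" : $12), where
        }'
}

# Exit 0 only if key ID $1 is listed as living on a card.
on_card() {
    key_locations | awk -v id="$1" \
        '$2 == id && $4 ~ /^card:/ { found = 1 } END { exit !found }'
}

# Constructed sample: master computer after restoring the old home dir
# (the new subkey is not there yet, everything else is local).
sample_master() { cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:::+:::23::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1400000000::::::e:::+:::23:
EOF
}

# Constructed sample: new computer with only the Yubikey plugged in.
sample_new_computer() { cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:::#:::23::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1400000000::::::e:::#:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1532390400::::::s:::D2760001240102010006000000010000::23:
EOF
}

echo "master:";       sample_master | key_locations
echo "new computer:"; sample_new_computer | key_locations
if sample_new_computer | on_card CCCCCCCCCCCCCCCC; then
    echo "signing subkey is on the card"
fi
```

On a real system, pipe `gpg --list-secret-keys --with-colons <KEY ID>` into `key_locations`, setting `GNUPGHOME` to pick which of the two home dirs is inspected.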