fix: update advanced setup section
This commit is contained in:
parent
bfe3aca5f7
commit
511131fff7
|
@ -14,6 +14,14 @@ developed by Phil Zimmermann in the 1990s.
|
||||||
|
|
||||||
* Uses asymmetric / public key cryptography
|
* Uses asymmetric / public key cryptography
|
||||||
|
|
||||||
|
<!--
|
||||||
|
What are some useful ways we can use OpenPGP:
|
||||||
|
* Email encryption and signing
|
||||||
|
* Signing git commits
|
||||||
|
* SSH
|
||||||
|
* Password management
|
||||||
|
-->
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Implementations
|
## Implementations
|
||||||
|
@ -151,21 +159,18 @@ developed by Phil Zimmermann in the 1990s.
|
||||||
---
|
---
|
||||||
## Advanced - cold / virtualization
|
## Advanced - cold / virtualization
|
||||||
|
|
||||||
* Can use `gpg` / `sq` / `keyfork`
|
* Can use `gpg` / `sq` / `keyfork` to derive
|
||||||
|
|
||||||
|
* Key is to derive keys in a secure environment:
|
||||||
|
* Airgapped system (preferred)
|
||||||
|
* Virtual machine on a hypervisor via hardware virtualization (ok for some threat models)
|
||||||
|
|
||||||
* [Hashbang GPG Guide](https://book.hashbang.sh/docs/security/key-management/gnupg/): helpful guide for GPG - good resource for beginners who want to do the advanced setup
|
* [Hashbang GPG Guide](https://book.hashbang.sh/docs/security/key-management/gnupg/): helpful guide for GPG - good resource for beginners who want to do the advanced setup
|
||||||
|
|
||||||
* [openpgp-card-tools](https://codeberg.org/openpgp-card/openpgp-card-tools): great for loading keys onto smart cards
|
* [openpgp-card-tools](https://codeberg.org/openpgp-card/openpgp-card-tools): great for loading keys onto smart cards
|
||||||
|
|
||||||
* Can use a variety of smart cards: NitroKey3, SoloKey, Yubikey
|
* Can use a variety of smart cards: NitroKey3, SoloKey, Yubikey
|
||||||
* NitroKey and SoloKey are fully open which is great for verifiability - may requires flashing firmware
|
* NitroKey and SoloKey are fully open which is great for verifiability - may requires flashing firmware
|
||||||
|
|
||||||
* [openpgp-card-tools](https://codeberg.org/openpgp-card/openpgp-card-tools) is helpful for loading the card
|
|
||||||
|
|
||||||
* Airgapped system (preferred)
|
|
||||||
|
|
||||||
* Virtual machine on a hypervisor via hardware virtualization (ok for some threat models)
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Backup Trick 🧙
|
## Backup Trick 🧙
|
||||||
|
|
Loading…
Reference in New Issue