fix: update advanced setup section

Anton Livaja 2024-09-18 09:42:16 -04:00
parent bfe3aca5f7
commit 511131fff7
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
1 changed files with 15 additions and 10 deletions

@ -14,6 +14,14 @@ developed by Phil Zimmermann in the 1990s.
* Uses asymmetric / public key cryptography * Uses asymmetric / public key cryptography
<!--
What are some useful ways we can use OpenPGP:
* Email encryption and signing
* Signing git commits
* SSH
* Password management
-->
--- ---
## Implementations ## Implementations
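Review bot: the use-case list added after the "Uses asymmetric / public key cryptography" bullet is wrapped in `<!-- ... -->`, so it will not appear in the rendered output. If it is meant as speaker notes or a TODO, say so inside the comment; otherwise uncomment it so the four use cases (email encryption and signing, signing git commits, SSH, password management) are visible. This hunk also touches the introduction, while the commit subject only mentions the advanced setup section, so either mention it in the message or split it into its own commit.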
@ -151,21 +159,18 @@ developed by Phil Zimmermann in the 1990s.
--- ---
## Advanced - cold / virtualization ## Advanced - cold / virtualization
* Can use `gpg` / `sq` / `keyfork` * Can use `gpg` / `sq` / `keyfork` to derive
* Key is to derive keys in a secure environment:
* Airgapped system (preferred)
* Virtual machine on a hypervisor via hardware virtualization (ok for some threat models)
* [Hashbang GPG Guide](https://book.hashbang.sh/docs/security/key-management/gnupg/): helpful guide for GPG - good resource for beginners who want to do the advanced setup * [Hashbang GPG Guide](https://book.hashbang.sh/docs/security/key-management/gnupg/): helpful guide for GPG - good resource for beginners who want to do the advanced setup
* [openpgp-card-tools](https://codeberg.org/openpgp-card/openpgp-card-tools): great for loading keys onto smart cards * [openpgp-card-tools](https://codeberg.org/openpgp-card/openpgp-card-tools): great for loading keys onto smart cards
* Can use a variety of smart cards: NitroKey3, SoloKey, Yubikey
* Can use a variety of smart cards: NitroKey3, SoloKey, Yubikey
* NitroKey and SoloKey are fully open which is great for verifiability - may requires flashing firmware * NitroKey and SoloKey are fully open which is great for verifiability - may requires flashing firmware
* [openpgp-card-tools](https://codeberg.org/openpgp-card/openpgp-card-tools) is helpful for loading the card
* Airgapped system (preferred)
* Virtual machine on a hypervisor via hardware virtualization (ok for some threat models)
--- ---
## Backup Trick 🧙 ## Backup Trick 🧙
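Review bot: the reworded first bullet under "Advanced - cold / virtualization" ends at "to derive" with no object, so it reads as a cut-off sentence. Finish it (for example "to derive keys") or fold it into the "Key is to derive keys in a secure environment:" bullet so the airgapped and virtual machine options sit directly under the statement they qualify. While this section is being edited, "may requires flashing firmware" should be "may require flashing firmware", and "ok for some threat models" would be more useful with a short note on which threat models make a hypervisor-backed VM acceptable in place of an airgapped system.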