feat/add-openpgp-workshop #1

Merged
anton merged 10 commits from feat/add-openpgp-workshop into master 2024-10-02 22:30:17 +00:00
1 changed files with 15 additions and 10 deletions
Showing only changes of commit 511131fff7 - Show all commits

View File

@ -14,6 +14,14 @@ developed by Phil Zimmermann in the 1990s.
* Uses asymmetric / public key cryptography * Uses asymmetric / public key cryptography
<!--
What are some useful ways we can use OpenPGP:
* Email encryption and signing
* Signing git commits
* SSH
* Password management
-->
--- ---
## Implementations ## Implementations
@ -151,20 +159,17 @@ developed by Phil Zimmermann in the 1990s.
--- ---
## Advanced - cold / virtualization ## Advanced - cold / virtualization
* Can use `gpg` / `sq` / `keyfork` * Can use `gpg` / `sq` / `keyfork` to derive
* Key is to derive keys in a secure environment:
* Airgapped system (preferred)
* Virtual machine on a hypervisor via hardware virtualization (ok for some threat models)
* [Hashbang GPG Guide](https://book.hashbang.sh/docs/security/key-management/gnupg/): helpful guide for GPG - good resource for beginners who want to do the advanced setup * [Hashbang GPG Guide](https://book.hashbang.sh/docs/security/key-management/gnupg/): helpful guide for GPG - good resource for beginners who want to do the advanced setup
* [openpgp-card-tools](https://codeberg.org/openpgp-card/openpgp-card-tools): great for loading keys onto smart cards * [openpgp-card-tools](https://codeberg.org/openpgp-card/openpgp-card-tools): great for loading keys onto smart cards
* Can use a variety of smart cards: NitroKey3, SoloKey, Yubikey
* Can use a variety of smart cards: NitroKey3, SoloKey, Yubikey * NitroKey and SoloKey are fully open which is great for verifiability - may requires flashing firmware
* NitroKey and SoloKey are fully open which is great for verifiability - may requires flashing firmware
* [openpgp-card-tools](https://codeberg.org/openpgp-card/openpgp-card-tools) is helpful for loading the card
* Airgapped system (preferred)
* Virtual machine on a hypervisor via hardware virtualization (ok for some threat models)
--- ---