Bug#834869: ITP: keysafe -- back up secret keys to cloud servers

2016-08-19 Thread Joey Hess
It would be fine to package keysafe now, but please be sure to note that
it has not been fully security reviewed yet. It would probably make
sense to keep it in experimental until version 1.x.

-- 
see shy jo


signature.asc
Description: PGP signature


Bug#834869: ITP: keysafe -- back up secret keys to cloud servers

2016-08-19 Thread Sean Whitton
Package: wnpp
Severity: wishlist
Owner: Sean Whitton 

* Package name: keysafe
  Version : 0.20160819
  Upstream Author : Joey Hess 
* URL : https://joeyh.name/code/keysafe/
* License : AGPL-3
  Programming Lang: Haskell
  Description : back up secret keys to cloud servers

Upstream synopsis:

> Keysafe backs up a secret key to several cloud servers, split up so
> that no one server can access the whole secret by itself.

> A password is used to encrypt the data, and it is made expensive to
> decrypt, so password cracking is infeasibly expensive.

LWN write-up: https://lwn.net/Articles/696765/

The intended audience of keysafe is those using secret keys to encrypt
only their personal data, when storing it in the cloud.  Such a user
doesn't need to take the security precautions that a Debian Developer or
Debian Maintainer must take to protect their secret key.  However, they
still don't want to lose it and thus invalidate their backups.  Keybase
is designed to make it easy to backup secret keys in the cloud for this
kind of user.

Although this software is experimental, it has the potential to enable a
lot more Debian users to use public/private key cryptography to protect
the data that they store in the cloud.

I intend to package this and submit it for upload to experimental.  I
want to do this because I believe it will enable a lot more testing, and
useful feedback submitted to Joey.  In particular, it will enable
feedback from those who know a lot about cryptography but not much about
Haskell.  Further, we will want it in unstable eventually, and getting
the packaging in shape in advance makes that easy (Joey isn't the kind
of upstream to abandon the software while it's still alpha).

--
Sean Whitton


signature.asc
Description: PGP signature