Hi,
On 21/11/2018 17:46, Guilhem Moulin wrote:
> Peter last poked Werner on Nov 09 but there wasn't any reply from him.
> (At least not on the gnupg-users list.)
Nope, no reply, unfortunately.
> Hmm on second thought the offer is tempting; if you're also attending
> 35c3 then shipping won't
Dear Guilhem,
> >>> I'm not sure if the implementation currently found in our branch would
> >>> choke if the wrong smartcard is inserted: I wasn't able to test this
> >>> as I have only one token :-)
> >
> > Can I fix that for you? (Serious offer; I can get this shipped to
> > you ASAP...)
>
>
Hi,
On Wed, 21 Nov 2018 at 11:12:08 -0500, Chris Lamb wrote:
> Guilhem Moulin wrote:
>>> GnuPG upstream was asked about a documented API to retrieve the stubs
>>> but hasn't answered yet AFAIK.
>
> Did they get back to you yet out of interest, Guilhem?
Peter last poked Werner on Nov 09 but
Hi Peter et al.,
Guilhem Moulin wrote:
> > GnuPG upstream was asked about a documented API to retrieve the stubs
> > but hasn't answered yet AFAIK.
Did they get back to you yet out of interest, Guilhem?
> > I'm not sure if the implementation currently found in our branch would
> > choke if the
On 08/11/2018 02:07, Guilhem Moulin wrote:
> However that doesn't happen currently because I'm really worried about
> copying real private key material to the initramfs along with the stubs;
> GnuPG upstream was asked about a documented API to retrieve the stubs
> but hasn't answered yet AFAIK.
On Wed, 07 Nov 2018 at 13:05:17 -0800, Kyle Rankin wrote:
> I've tested these debs and can confirm everything works.
Awesome, thanks for the feedback!
> I was also able to add this support to an existing LUKS root partition
> by just using luksAddKey and making sure the crypttab was updated and
On Tue, Nov 06, 2018 at 10:49:36PM +0100, Guilhem Moulin wrote:
> On Tue, 06 Nov 2018 at 11:15:57 -0800, Kyle Rankin wrote:
> > On Sun, Nov 04, 2018 at 02:38:29PM +0100, Guilhem Moulin wrote:
> >> On Sun, 04 Nov 2018 at 05:35:44 -0500, Chris Lamb wrote:
> >
Dear Guilhem,
> But fair enough, you can use the cryptsetup packages from my private APT
> repository:
>
> echo "deb http://guilhem.org/debian sid main" >>/etc/apt/sources.list
> apt-key add /tmp/7420DF86BCE15A458DCE997639278DA8109E6244.asc
> apt update
> apt upgrade
Neat,
On Tue, 06 Nov 2018 at 11:15:57 -0800, Kyle Rankin wrote:
> On Sun, Nov 04, 2018 at 02:38:29PM +0100, Guilhem Moulin wrote:
>> On Sun, 04 Nov 2018 at 05:35:44 -0500, Chris Lamb wrote:
> https://salsa.debian.org/cryptsetup-team/cryptsetup/tree/openpgp-smartcard
Did you have time to
On Sun, Nov 04, 2018 at 02:38:29PM +0100, Guilhem Moulin wrote:
> On Sun, 04 Nov 2018 at 05:35:44 -0500, Chris Lamb wrote:
> >>> https://salsa.debian.org/cryptsetup-team/cryptsetup/tree/openpgp-smartcard
> >>
> >> Did you have time to look at this branch yet? (Just rebased it on top
> >> of
On Sun, 04 Nov 2018 at 05:35:44 -0500, Chris Lamb wrote:
>>> https://salsa.debian.org/cryptsetup-team/cryptsetup/tree/openpgp-smartcard
>>
>> Did you have time to look at this branch yet? (Just rebased it on top
>> of ‘debian/2%2.0.5-1’ and applied a couple of changes.)
>
> Oh dear, I was not
Dear Guilhem,
> > https://salsa.debian.org/cryptsetup-team/cryptsetup/tree/openpgp-smartcard
>
> Did you have time to look at this branch yet? (Just rebased it on top
> of ‘debian/2%2.0.5-1’ and applied a couple of changes.)
Oh dear, I was not aware this was blocking on my end. Kyle, how'd
you
Hi Chris,
On Sun, 23 Sep 2018 at 06:10:52 +0200, Guilhem Moulin wrote:
> Fortunately I did have some quiet evenings last week, and finally
> pushed a new branch derived from Peter and Erik's work:
>
> https://salsa.debian.org/cryptsetup-team/cryptsetup/tree/openpgp-smartcard
Did you have time
Hi,
On Mon, 06 Aug 2018 at 13:09:13 +0200, Jonas Meurer wrote:
> Am 23.07.2018 um 14:42 schrieb Chris Lamb:
> Still, if we would split the gnupg smartcard keyscript into an own
> binary package, we would have to do the same for decrypt_gnupg,
> decrypt_opensc and decrypt_ssl. Which would mean
On Sat, 22 Sep 2018 at 09:04:49 +0100, Chris Lamb wrote:
>> Sorry, I've been rather short on time lately; will try to take another
>> stab at this the week after next.
>
> No worries at all; how you getting on?
Thanks for the poke :-) Fortunately I did have some quiet evenings last
week, and
Hi Chris,
On Fri, 14 Sep 2018 at 11:46:26 +0100, Chris Lamb wrote:
>> Sorry, I've been rather short on time lately; will try to take another
>> stab at this the week after next.
>
> Sure thing. Do let me know whether it would help if you had specific
> hardware or things like that; I can get
Hey Guilhem,
> Sorry, I've been rather short on time lately; will try to take another
> stab at this the week after next.
No worries at all; how you getting on?
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hey Guilhem,
> Sorry, I've been rather short on time lately; will try to take another
> stab at this the week after next.
Sure thing. Do let me know whether it would help if you had specific
hardware or things like that; I can get them sent out you. (Even if it
would duplicate what you would
Hi Chris,
On Sat, 01 Sep 2018 at 11:50:47 +0100, Chris Lamb wrote:
>>> So, whilst I will be at DebCamp too (yay) I unfortunately won't have
>>> any hardware to test with and for various reasons I should keep
>>> commitments low at this point.
>>
>> Sure thing! I was planning to do some triaging
Dear Guilhem et al.,
> > So, whilst I will be at DebCamp too (yay) I unfortunately won't have
> > any hardware to test with and for various reasons I should keep
> > commitments low at this point.
>
> Sure thing! I was planning to do some triaging anyway :-) (#888916 has
> been open for a
Hi Chris,
Am 23.07.2018 um 14:42 schrieb Chris Lamb:
>> I don't think that adding a new binary package for OpenPGP smartcard
>> support is a good idea and would oppose to it
>
> Might smartcard support require some smartcard-specific packaged
> dependencies that would
> be solved somewhat
Hi Jonas et al.,
> I don't think that adding a new binary package for OpenPGP smartcard
> support is a good idea and would oppose to it
Might smartcard support require some smartcard-specific packaged
dependencies that would
be solved somewhat elegantly by having a separate binary package?
Hi Guilhem and Chris,
greetings from Portugal to Taiwan :)
Am 16.07.2018 um 19:28 schrieb Guilhem Moulin:
> I'm in favor of adding OpenPGP smartcard support to src:cryptsetup, but
> not more that one set of hook & boot scripts.
Ack.
> Since there is already #888916 open requesting merging of
On Mon, 16 Jul 2018 at 18:39:59 +0100, Chris Lamb wrote:
> So, whilst I will be at DebCamp too (yay) I unfortunately won't have
> any hardware to test with and for various reasons I should keep
> commitments low at this point.
Sure thing! I was planning to do some triaging anyway :-) (#888916
Dear Guilhem,
> > My gut tells me we should incoropate OpenPGP support directly into
>
> I assume you mean OpenPGP *smartcard* here
Yes, mea culpa; wasn't paying attention! :)
> Since there is already #888916 open requesting merging of some initramfs
> scripts providing OpenPGP smartcard
Hi Chris,
On Mon, 16 Jul 2018 at 10:15:47 +0100, Chris Lamb wrote:
>> Back to https://github.com/eriknellessen/gpg-encrypted-root, I see the
>> hook is copying private key material to the initramfs, but […]
>
> My gut tells me we should incoropate OpenPGP support directly into
I assume you mean
Dear Guilhem,
> Back to https://github.com/eriknellessen/gpg-encrypted-root, I see the
> hook is copying private key material to the initramfs, but […]
My gut tells me we should incoropate OpenPGP support directly into
Debian's src:cryptsetup simply based on ensuring its on-going
On Mon, 09 Jul 2018 at 10:14:50 -0700, Kyle Rankin wrote:
> Given it is just a shell script, I would vote for incorporating OpenPGP
> smartcard support directly into cryptsetup-initramfs so it's available for
> users who want encrypted storage without having to know about a standalone
> package.
Given it is just a shell script, I would vote for incorporating OpenPGP
smartcard support directly into cryptsetup-initramfs so it's available for
users who want encrypted storage without having to know about a standalone
package.
-Kyle
29 matches
Mail list logo