deknos
@deknos
ah.
Marcus Brinkmann
@lambdafu
that's the whole point
deknos
@deknos
my girlfriend calls from bed. i have to go. seeya :D
Marcus Brinkmann
@lambdafu
yeah, I have many question marks about those issues
greet her, and have a nice one
deknos
@deknos
well, a building and test-conforming master branch is a should, but in my experience you still need a release management with older branches.. especially if you do have external dependencies (curl and the like)
but atm that issue is not really pressing :D
deknos
@deknos
i hate pinentry. i cannot stop it in the thunderbird i currently use. "cancel" just reproduces the new dialogue which captures ALL keyboard input
Marcus Brinkmann
@lambdafu
Yeah, you can put no-grab into pinentry.conf or so
Roman Zeyde
@romanz
Hello all,
I have added experimental support for hardware-based NeoPG agent, using the TREZOR hardware wallet as a HSM: romanz/trezor-agent#251
It currently works for Ed25519-based signatures :)
The cool part is that my tool doesn't require patching NeoPG at all, but using a small command-line wrapper, to invoke the TREZOR-based agent (instead of the NeoPG's original one):
https://github.com/romanz/trezor-agent/blob/c22109df24c6eb8263aa40183a016be3437b1a0c/contrib/neopg-trezor
Questions, suggestions and pull requests are welcome :)
Marcus Brinkmann
@lambdafu
@romanz that's an interesting hack! I wonder if we can make this more official, maybe with a command line option?
Didn't know about Trezor, it's certainly something that neopg should support. Although we might want to have a simpler protocol than the gpg-agent protocol eventually. What do you think?
Roman Zeyde
@romanz
Thanks!
Marcus Brinkmann
@lambdafu
@romanz which token do you recommend for trezor-agent?
Roman Zeyde
@romanz
I am using TREZOR, mainly because their firmware is FOSS, and it supports more cryptographic primitives (e.g. Ed25519 and NIST256P curves).
Marcus Brinkmann
@lambdafu
sounds good
Roman Zeyde
@romanz
But the project also supports Keepkey and Ledger Nano S
Marcus Brinkmann
@lambdafu
yeah, just saw the readme
i have a yubikey and a gnuk token.
(and openpgp cards)
Roman Zeyde
@romanz

I wonder if we can make this more official, maybe with a command line option?

It would be nice to be able to specify gpg-agent binary, similar to GnuPG --agent-program flag.

Marcus Brinkmann
@lambdafu
@romanz yes, I just wonder if there will be more helper programs or not. I think that only the agent has a real security justification. dirmngr and scd don't need to be standalone I think.
Roman Zeyde
@romanz
AFAIK only the gpg-agent needs access to secret key information...
Marcus Brinkmann
@lambdafu
yeah, that's what I think
Roman Zeyde
@romanz
Regarding the simplification of the gpg-agent protocol - this would be great!
My main concern is https://xkcd.com/927/ :)
Marcus Brinkmann
@lambdafu
Sure, only that the gpg-agent protocol is not a standard. It's just whatever gpg does.
I have not investigated if there are any comparable things out there.
Roman Zeyde
@romanz
BTW, NeoPG uses far fewer ASSUAN commands (compared to GnuPG) when talking to trezor-gpg-agent:
https://gist.github.com/romanz/1e9df4385d5aa7ce935dc18a1b24c6c1
Marcus Brinkmann
@lambdafu
Yes, I stripped out a bunch of nonsense that is only required if you want the agent to invoke pinentry on the right display etc
I currently don't have a solution for the pinentry, but I think it should be handled by the application, not by the agent
so that's why it's much simpler here
Roman Zeyde
@romanz
Sounds great, thanks!
Marcus Brinkmann
@lambdafu
do you make use of setkeydesc?
Roman Zeyde
@romanz
Not yet.
Mainly because there is not so much space on the TREZOR's screen
Marcus Brinkmann
@lambdafu
I saw that some of the devices have displays. but setkeydesc is unstructured. I'd assume you could make use of structured data
Roman Zeyde
@romanz
Indeed :)
Marcus Brinkmann
@lambdafu
let's gather ideas here: das-labor/neopg#86
Roman Zeyde
@romanz
Will do, thanks for opening the issue :)
Roman Zeyde
@romanz

I have not investigated if there are any comparable things out there.

There was an effort to define a standard for Bitcoin hardware wallets (https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-August/013008.html) but it didn't become official (AFAIK).

Marcus Brinkmann
@lambdafu
interesting
leosemilie
@leosemilie
Do these vulners found by neopg apply to the original pgp? Is it software-specific or a system design vulner?
nwalfield
@nwalfield
leosemilie: If you mean the sigspoof stuff, that is gpg-specific
Marcus Brinkmann
@lambdafu
Yep, gnupg only.
leosemilie
@leosemilie
see, the problem is that software development is consistently making things worse
matrixbot
@matrixbot
@f0rdprefect:matrix.org Not much going on here, is there?
matrixbot
@matrixbot
sauyon Is there much documentation for scd? Getting ccid open error when I try serialno, and I'm not really sure how to use it anyway.