Strategies for offline PGP key storage

Posted Oct 3, 2017 13:40 UTC (Tue) by eahay (guest, #110720)
In reply to: Strategies for offline PGP key storage by ngiger@mus.ch
Parent article: Strategies for offline PGP key storage

Another option is a Nitrokey: https://www.nitrokey.com


Strategies for offline PGP key storage

Posted Oct 3, 2017 19:54 UTC (Tue) by dd9jn (✭ supporter ✭, #4459) [Link] (3 responses)

Depending on the model, Nitrokey either uses the Gnuk software or a standard OpenPGP card from Zeitcontrol for public key operations.

Strategies for offline PGP key storage

Posted Oct 3, 2017 19:58 UTC (Tue) by anarcat (subscriber, #66354) [Link] (2 responses)

I encourage people to wait for the next article in the series before discussing the details of all those keycards. In the next article, I will review the Nitrokey PRO, the FST-01, the Yubikey 4 and NEO, including benchmarks and cute graphics. Stay tuned! :)

Strategies for offline PGP key storage

Posted Oct 5, 2017 2:51 UTC (Thu) by Trelane (subscriber, #56877) [Link]

Awesome! I'm looking forward to it.

Strategies for offline PGP key storage

Posted Oct 5, 2017 6:34 UTC (Thu) by intrigeri (subscriber, #82634) [Link]

Excellent, thanks!

Strategies for offline PGP key storage

Posted Oct 3, 2017 22:14 UTC (Tue) by dsommers (subscriber, #55274) [Link] (2 responses)

I do have Nitrokey Pro and it worked wonderfully well on my Scientific Linux 7.3 box (not too fast, but I can survive that); it wasn't too easy to get it working, though - I remember I needed some tweaks.

But after I switched to RHEL 7.4, `gpg --card-status` gives me "Card error" - BUT running `openpgp-tool` works! So it seems gpg is grumpy about it for some reason. Anyone got a good idea what could be the issue? I might have forgotten a silly step, but can't figure out what it could be.

Strategies for offline PGP key storage

Posted Oct 5, 2017 4:53 UTC (Thu) by jans (guest, #108889) [Link] (1 responses)

I suspect this is related to access restrictions and usually is solved by proper UDEV rules. See these instructions.

Strategies for offline PGP key storage

Posted Oct 5, 2017 9:22 UTC (Thu) by dsommers (subscriber, #55274) [Link]

Thank you! I actually had those rules installed. But there was a slight detail I hadn't noticed until your comment. The udev rules use GROUP="plugdev", a group name which does not exist on RHEL. I changed that to a group which exists and makes more sense on my setup, and it worked.

Again, thank you!
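
The failure resolved in this exchange, a udev rule assigning the device to a group that does not exist on the host, can be checked for mechanically. The script below is an added example, not part of any comment in the thread or of any project's own tooling; the function names, the `GROUP_DB` variable and the sample rule (with placeholder IDs) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report udev GROUP= assignments naming a group that does not exist.

# GROUP_DB (assumption of this sketch): optional path to a group(5)-format file
# to check against instead of the live system, e.g. from a mounted image.
group_exists() {
    if [ -n "${GROUP_DB:-}" ]; then
        awk -F: -v g="$1" '$1 == g || $3 == g { ok = 1 } END { exit !ok }' "$GROUP_DB"
    else
        getent group "$1" >/dev/null 2>&1
    fi
}

# Print one line per rules file and unresolved group found in the given directories.
missing_udev_groups() {
    [ "$#" -gt 0 ] || set -- /etc/udev/rules.d /usr/lib/udev/rules.d
    for dir in "$@"; do
        for f in "$dir"/*.rules; do
            [ -f "$f" ] || continue
            # Drop comment lines, then extract assignments (= or :=), not == matches.
            grep -v '^[[:space:]]*#' "$f" |
                grep -oE 'GROUP:?="[^"]+"' |
                sed -E 's/^GROUP:?="([^"]+)"$/\1/' | sort -u |
                while read -r grp; do
                    group_exists "$grp" ||
                        printf '%s: group "%s" not found\n' "$f" "$grp"
                done
        done
    done
}

# Constructed sample: one rule uses plugdev, checked against a group file that,
# like the RHEL box in the thread, has no plugdev entry.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# constructed rule, placeholder IDs' \
        'ATTR{idVendor}=="0000", ATTR{idProduct}=="0000", MODE="0660", GROUP="plugdev"' \
        'KERNEL=="hidraw*", MODE="0660", GROUP="wheel"' > "$tmp/99-token.rules"
    printf '%s\n' 'root:x:0:' 'wheel:x:10:' > "$tmp/group"
    ( GROUP_DB="$tmp/group"; missing_udev_groups "$tmp" )
    rm -rf "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Calling `missing_udev_groups` with no arguments scans the system rule directories against the live group database.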
