Happy New Year Everyone!

Aside from taking some time off for the holidays, I set up a Debian-Sid USB stick in order to test gnupg version 2.1.16-3, the version to be included in Debian Stretch. For now, I’m using the package rng-tools to speed up the key creation for the purpose of testing gpg commands. By running sudo rngd -r /dev/urandom before the gpg command, you can create the keys in about a second.

Here are some of the sources that I’ve been using that inform the workflow and secure practices for gpg that we’ll be including in the Clean Room:

Some feature suggestions that were made by Neal Walfield that could be included in the workflow:

1. Use a smartcard for the primary key and a smartcard for the subkeys

2. Support subkey rotation – the creation of new subkeys

3. Upon finishing a session, write a script to the USB that sends mails with the signed keys and imports the user’s public keys.