6 Week Progress Update for PGP Clean Room


One of the PGP Clean Room’s aims is to provide users with the option to easily initialize one or more smartcards with personal info and PINs, and subsequently transfer keys to the smartcard(s). The advantage of using smartcards is that users don’t have to expose their keys to their laptop for daily certification, signing, encryption or authentication purposes.

I started building a basic whiptail TUI that asks users if they will be using a smartcard:

smartcard-init.sh on GitHub

If yes, whiptail provides the user with the opportunity to initialize the smartcard with their name, preferred language and login, and change their admin PIN, user PIN, and reset code.

I outlined the commands and interactions necessary to edit personal info on the smartcard using gpg --card-edit and sending the keys to the card with gpg --edit-key <FPR> in smartcard-workflow. There’s no batch mode for smartcard operations and there’s no “quick” command for it just yet (as in --quick-addkey). One option would be to try this out with --command-fd/--command-file. Currently, Python bindings for gpgme are under development so that is another possibility.
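A sketch of the --command-fd option mentioned above, added here as an example and not taken from the PGP Clean Room code: it builds the answer stream for gpg --card-edit and rejects values that would inject extra card-edit commands. The function names, the sample values and the language-code rule (two to eight lowercase letters, read as up to four two-letter codes) are assumptions.

```shell
#!/bin/sh
# Added example: build the answer stream for `gpg --card-edit` driven through
# --command-fd. Function names are hypothetical; values are constructed samples.

# Reject empty values and any control character: a newline inside a field
# would be read by gpg as the start of another card-edit command.
valid_field() {
    [ -n "$1" ] || return 1
    cleaned=$(printf '%s' "$1" | LC_ALL=C tr -d '[:cntrl:]')
    [ "$cleaned" = "$1" ]
}

# Language preference: lowercase ASCII letters only, even length from 2 to 8
# (assumed to mean up to four two-letter codes).
valid_lang() {
    case $1 in
        ''|*[!abcdefghijklmnopqrstuvwxyz]*) return 1 ;;
    esac
    [ "${#1}" -ge 2 ] && [ "${#1}" -le 8 ] && [ $(( ${#1} % 2 )) -eq 0 ]
}

# Print one line per command or prompt answer, in the order gpg asks:
# admin, name (surname, then given name), lang, login, quit.
card_edit_stream() {
    surname=$1 given=$2 lang=$3 login=$4
    for f in "$surname" "$given" "$login"; do
        valid_field "$f" || { echo "rejected field" >&2; return 1; }
    done
    valid_lang "$lang" || { echo "rejected language" >&2; return 1; }
    printf '%s\n' admin name "$surname" "$given" lang "$lang" login "$login" quit
}

# Feed the stream to gpg on fd 0. Needs a card in a reader; the admin PIN
# is still requested through pinentry and is not part of the stream.
apply_to_card() {
    stream=$(card_edit_stream "$@") || return 1
    printf '%s\n' "$stream" | gpg --command-fd 0 --card-edit
}

# Dry run with constructed values: show what would be sent, without gpg.
card_edit_stream "Doe" "Jane" "en" "jdoe"
```

Only apply_to_card touches the card; the dry run at the end prints the stream so it can be reviewed before anything is written.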

We can use this workflow to support two smartcards: one for the primary key and one for the subkeys, a setup that would also support subkey rotation.
