12 Week Progress Update for PGP Clean Room


I worked on creating the whiptail and corresponding gpg scripts for 4 options for primary and/or secondary/subkey generation.

1) A “Quick” Generate Primary and Secondary Key task that only asks the user for the UID and password and creates an rsa4096 primary key, an rsa2048 secondary key and an rsa2048 laptop signing subkey.

2) A “Custom” Generate Primary and Secondary Key task that gives the user more flexibility in algo, usage and expiry, but still adheres to PGP best practices. For the primary key, the user chooses between rsa4096 key or an ECC curve, sign/cert or cert only for usage, and the expiry. For the secondary encryption key, the user also chooses between RSA and ECC, but can choose a key length between 2048 and 4096, and the expiry.

3) Generate Primary Key Only: Same as the primary key generation for #2

4) Generate a Custom Subkey: The user gets to choose between rsa<2048-4096>, dsa<2048-3072>, elg<2048-4096>, and an ECC curve, and choose the usage and expiry. The tricky part was making sure that the usage matched the algorithm. For example, DSA is only capable of sign and auth, while RSA can do sign, auth, and encrypt. ECC curves are capable of all usages, however, encrypt cannot overlap with sign/auth for any curve, even though the name of the curve is the same. So I used radio and checkboxes to make it as easy as possible for the user.

These options follow the best practices outlined at riseup and Debian Wiki pages, such as:

  • The primary key should use a strong algorithm and should only have the usages cert and/or sign.

  • Subkeys can be 2048-4096 bits, preferably RSA, DSA-2 or ECC.

  • UID shouldn’t ask for a comment

  • DSA-1024 is deprecated so I restricted DSA to a minimum of 2048.

Related Posts

10 Week Progress Update for PGP Clean Room

Developing Whiptail TUI... GIFs!

8 Week Progress Update for PGP Clean Room

Internationalization and Code Refactoring/Reorganizing

6 Week Progress Update for PGP Clean Room

Implementing smartcard functionality

4 Week Progress Update for PGP Clean Room

Using GPG 2.1.16 on Sid and more feature ideas

2 Week Progress Update for PGP Clean Room

Building a Whiptail TUI and using GPG 2.1.16

Applying to Debian for Outreachy 2016

Applying to the PKI Clean Room Project for Round 13 of Outreachy

Free and Awesome Programming Resources

Free video courses, interactive tutorials, project ideas, drills, and e-books for learning to code online