I recently got another yubikey and due to poor handling of the old key (can't load it onto the new card) I've generated a new key. I've revoked my old 2017 key (key id 0xBD51CB9670DF9DE7) and replaced with my new key (key id 0xDAE4D06F77191ACD)
My new key's fingerprint is:
AD05 74F1 0BC3 E41D 3D8E 78FD DAE4 D06F 7719 1ACDand ...
Read More
Quick note to indicate that I've revoked my old GPG key (key id 0x94BE833CE8B86CAB) and replaced it with my new one (key id 0xBD51CB9670DF9DE7). My new key's fingerprint is:
1810 81E8 178E 4692 03F6 BFD0 BD51 CB96 70DF 9DE7and it is signed with the old (revoked) key. You can download the key directly from me or ...
Read More
You know your wife is a keeper when she gets you a YubiKey 4 for your birthday! I was really excited about this YubiKey because of its support for storing your GPG private keys and also for an SSH private key, in addition to the U2F (Universal 2nd Factor) support. I've been using earlier versions of the YubiKey for OTP (one-time password) and U2F, but the new version was especially interesting to me because of ...
Read More
I've just released AIDE+gpg 1.0.4, which adds support for signing and verifying signatures on the AIDE binary itself (/usr/sbin/aide), and on the AIDE configuration file (/etc/aide.conf). Thanks to George Notaras for giving me the suggestion.
Apparently someone other than myself uses these scripts. =) AIDE+gpg is a set of scripts to make AIDE more like Tripwire in that the database is cryptographically signed (with gpg) so you can be alerted as to whether ...
Read More
As part of my work migrating to Red Hat Enterprise Linux 6, I found that AIDE+gpg does not work with GnuPG2 (previously, Red Hat Enterprise Linux 5 and Annvix only used GnuPG version 1). The AIDE+gpg scripts now work with GnuPG version 2, and a new version is available from the AIDE+gpg project page.
I don't know if anyone other than myself uses this, but it's a set of scripts to make AIDE more ...
Read More
I realized today, after having a conversation with someone at work about gpg keys and rpm support, that I haven't updated my GPG key in about 6 years.
Then I realized I harped on CERT not too long ago about not doing things right. =) Granted, my key hasn't been compromised and I have no established schedule for rotating keys, but 6 years is a long time. So I've generated a new key, ...
Read More
This seems to be an ongoing saga so now I'm going to vent about it. It is ridiculous that an organization supposedly as secure as CERT can have such poor distribution mechanisms for alerting users of their new GPG keys. It is really important that, when you update GPG keys and distribute the public key that you can easily establish trust of the new key. There are a few ways this ...
Read More
Last week's TechMail tip was Encrypting and decrypting files with GnuPG, which covers some stuff about using gpg to deal with encryption of files (instead of just using gpg for mail).
Read More
This week's TechMail is Get started with GnuPG, a quick primer on another of my favourite tools: GnuPG. Learn the basics of getting your own GPG keypair created and learn a little bit about fingerprints and signatures and what they all mean.
And if you want to get more into the guts and glory of using GPG, you can read the article I wrote quite a few years ago on Using GnuPG. ...
Read More