Life

Replaced GPG Key

Quick note to indicate that I've revoked my old GPG key (key id 0x94BE833CE8B86CAB) and replaced it with my new one (key id 0xBD51CB9670DF9DE7). My new key's fingerprint is:

1810 81E8 178E 4692 03F6 BFD0 BD51 CB96 70DF 9DE7

and it is signed with the old (revoked) key. You can download the key directly from me or from pgp.mit.edu, which is where you can also see that the old key is revoked.


macOS

Figuring out GPG, SSH and U2F with YubiKey 4

You know your wife is a keeper when she gets you a YubiKey 4 for your birthday! I was really excited about this YubiKey because of its support for storing your GPG private keys and also for an SSH private key, in addition to the U2F (Universal 2nd Factor) support. I've been using earlier versions of the YubiKey for OTP (one-time password) and U2F, but the new version was especially interesting to me because of ...


Linux

AIDE+gpg 1.0.4 released

I've just released AIDE+gpg 1.0.4, which adds support for signing and verifying signatures on the AIDE binary itself (/usr/sbin/aide), and on the AIDE configuration file (/etc/aide.conf). Thanks to George Notaras for giving me the suggestion.

Apparently someone other than myself uses these scripts. =) AIDE+gpg is a set of scripts to make AIDE more like Tripwire in that the database is cryptographically signed (with gpg) so you can be alerted as to whether ...


Linux

AIDE+gpg 1.0.2 released

As part of my work migrating to Red Hat Enterprise Linux 6, I found that AIDE+gpg does not work with GnuPG2 (previously, Red Hat Enterprise Linux 5 and Annvix only used GnuPG version 1). The AIDE+gpg scripts now work with GnuPG version 2, and a new version is available from the AIDE+gpg project page.

I don't know if anyone other than myself uses this, but it's a set of scripts to make AIDE more ...


Linux

Updated my GPG key

I realized today, after having a conversation with someone at work about gpg keys and rpm support, that I haven't updated my GPG key in about 6 years.

Then I realized I harped on CERT not too long ago about not doing things right. =) Granted, my key hasn't been compromised and I have no established schedule for rotating keys, but 6 years is a long time. So I've generated a new key, ...


Linux

How not to update GPG keys

This seems to be an ongoing saga, so now I'm going to vent about it. It is ridiculous that an organization supposedly as secure as CERT can have such poor distribution mechanisms for alerting users of their new GPG keys. It is really important that, when you update GPG keys and distribute the public key, you can easily establish trust in the new key. There are a few ways this ...


Linux

Get started with GnuPG

This week's TechMail is Get started with GnuPG, a quick primer on another of my favourite tools: GnuPG. Learn the basics of getting your own GPG keypair created and learn a little bit about fingerprints and signatures and what they all mean.

And if you want to get more into the guts and glory of using GPG, you can read the article I wrote quite a few years ago on Using GnuPG. ...
