Traveling Yubikey

Time to peace on out of here

Overview: Create a new PGP key on a Yubikey (or similar token); Sign it with the existing primary key; Publish new key and signing details; Keybase; Main website / blog; Include validity period (start/end dates); Tease out minimum number of secrets needed and set up dedicated password database; [qt]pass + Yubikey PGP for encryption; [qt]pass is great because you need a PIN for access and you can always ‘forget’ the pin; Tease out minimum number of TOTP entries and set up dedicated password database; KeePass XC in conjunction with ‘challenge response’ of the master database; Password can be ‘forgotten’ for access and w/o the Yubikey nobody has access; Travel / OpSec 4 Life! [Read More]

GPD Pocket

The Nokia n810/n900 live!

What is a GPD Pocket? The GPD Pocket (link) is a little 7” laptop with a HiDPI (retina) screen. It’s a quad core atom with 8Gb ram and 128Gb eMMC. Basically it’s a modern form of the Nokia n810/n900. In essence: a very capable handheld computer/laptop thingy. This post is all about my experiences with the machine. Why?!? I bought the GPD Pocket because I wanted a little computer/device to handle some of my day to day needs while mobile. [Read More]

Fidesmo Products (NOPE)

Double dipping jerks

I received my Fidesmo card yesterday. I went to set it up with their Android app and NOPE. I will NOT pay you again for the PGP applet.

Screen caps of card (click to enlarge) and app asking me for more money below.


Fidesmo Letter + Card

Fidesmo app asking for additional payment

Signed git Commits

GPG + git + GitHub

Does it work? Yep! I now have signed git commits for this blog! If you head over to GitHub you’ll see each commit I’ve pushed is now signed/verified with my usual key. Read on for how I got it working and what you may need/want to do for yourself. Resources I did read over the following info before hitting on a process that worked. Thankfully the info is good and very straightforward for a change. [Read More]

GPG + SSH Auth

Well then, that was easy

PGP Auth Cert + SSH So… I’ve been struggling with how to effectively leverage PGP auth certs with SSH. I keep my SSH keys locked up on encrypted media. It’s a PITA to: Find the media; Unlock the full disk crypto; ssh -i /big/long/path [email protected]; Finish ssh session; Unwind mounted filesystem and full disk crypto; Put media back where it belongs (a safe place). That’s just a procedure and a half. [Read More]

Signed Posts

Knowing I publish this 💩

New Footer Links To get ahead of myself a bit: My PGP key(s) are now available via a link on the footer of this site as well as signed markdown for each page/post I publish. Scroll down to the footer if you prefer to download a PGP signed version of the page you’re interested in reading. [Editor’s note: lets you verify signed content via their website, head over to my profile linked on the PGP Keys page if you don’t want to hassle with setting up PGP] [Read More]

[Open]PGP Fun

Identity, auth, traditional crypto

Intro Lately I’ve been looking at how I can best leverage PGP to ensure that people reading the content I post or browsing the code I post know it is, in fact, mine. I’ve also been using hardware tokens to secure some of my crypto token wallets, etc. For years I’ve been aware of [Open]PGP and upon further investigation it looks like a natural fit for signing and authentication purposes. This post is about my experiences getting the fundamentals set up, my approach and my next steps. [Read More]

Hardware Tokens

Identity, auth, crypto, moar

What Now? I’ve been working on improving my day to day OpSec and with the crypto token stuff I’ve been working on, it’s gotten even more important. This is the result of a lot of research and fiddling with hardware tokens. Separate pieces of hardware that work in conjunction with passwords (or password manager) to further secure your digital footprint. Please do with it what you may. Hardware Tokens Each of the hardware tokens described here has been researched heavily and/or I’ve had the chance to use. [Read More]

Crypto Currencies - First Post

It’s simple, really In the spirit of NomRocket and others I’m going to be posting a LOT of info related to crypto currency mining, OpSec and similar to the blog. My strategy, hardware and a host of other cool information will be forthcoming. Post Storm I’ve been posting a lot of information between Mastodon and Google+ and it’s high time I put it all in one place for people. There is going to be a post storm over the next day/two/three/? [Read More]


Notes and Random Thoughts about properly putting together an OpSec layout that assumes a reasonably high Threat Model

Hardware: Laptop; 1080p monitor; Wired ethernet; Can disable computrace; Can disable any management engines; Can disable most/all integrated hardware. Configuration: Latest BIOS updates; SET BIOS password; Boot ONLY from USB disk (preferably ONLY the one with Tails); Wipe TPM; Adjust secure boot settings as appropriate. Best Practices: Do NOT run USB media on UNTRUSTED machines; Do NOT run USB boot media in a VM on UNTRUSTED machines; Move data using USB disks (FRESH, TRUSTED); Use VeraCrypt for encryption (most supported crypto option); Use exFAT as filesystem (most supported for rw operations) elephant. [Read More]