Traveling Yubikey

Time to peace on out of here

Overview

- Create a new PGP key on a Yubikey (or similar token)
  - Sign it with the existing primary key
  - Publish new key and signing details
    - Keybase
    - Main website / blog
  - Include validity period (start/end dates)
- Tease out minimum number of secrets needed and set up a dedicated password database
  - [qt]pass + Yubikey PGP for encryption
  - [qt]pass is great because you need a PIN for access and you can always ‘forget’ the PIN
- Tease out minimum number of TOTP entries and set up a dedicated password database
  - KeePass XC in conjunction with ‘challenge response’ of the master database
  - Password can be ‘forgotten’ for access and w/o the Yubikey nobody has access

Travel / OpSec 4 Life!

Fidesmo Products (NOPE)

Double dipping jerks

I received my Fidesmo card yesterday. I went to set it up with their Android app and NOPE. I will NOT pay you again for the PGP applet.

Screen caps of the card and of the app asking me for more money below.

AVOID THIS CRAP, BUY SOMETHING ELSE

Fidesmo Letter + Card

Fidesmo app asking for additional payment

Signed git Commits

GPG + git + GitHub

Does it work? Yep! I now have signed git commits for this blog! If you head over to GitHub you’ll see each commit I’ve pushed is now signed/verified with my usual key. Read on for how I got it working and what you may need/want to do for yourself.

Resources

I did read over the following info before hitting on a process that worked. Thankfully the info is good and very straightforward for a change.

GPG + SSH Auth

Well then, that was easy

PGP Auth Cert + SSH

So… I’ve been struggling with how to effectively leverage PGP auth certs with SSH. I keep my SSH keys locked up on encrypted media. It’s a PITA to:

1. Find the media
2. Unlock the full disk crypto
3. ssh -i /big/long/path [email protected]
4. Finish the ssh session
5. Unwind the mounted filesystem and full disk crypto
6. Put the media back where it belongs (a safe place)

That’s just a procedure and a half.
opsec  security  ssh  pgp  gpg 

Signed Posts

Knowing I publish this 💩

New Footer Links

To get ahead of myself a bit: my PGP key(s) are now available via a link in the footer of this site, as well as signed markdown for each page/post I publish. Scroll down to the footer if you prefer to download a PGP signed version of the page you’re interested in reading. [Editor’s note: keybase.io lets you verify signed content via their website; head over to my profile linked on the PGP Keys page if you don’t want to hassle with setting up PGP]

[Open]PGP Fun

Identity, auth, traditional crypto

Intro

Lately I’ve been looking at how I can best leverage PGP to ensure that people reading the content I post or browsing the code I post can confirm it is, in fact, mine. I’ve also been using hardware tokens to secure some of my crypto token wallets, etc. For years I’ve been aware of [Open]PGP and upon further investigation it looks like a natural fit for signing and authentication purposes. This post is about my experiences getting the fundamentals set up, my approach and my next steps.

Hardware Tokens

Identity, auth, crypto, moar

What Now?

I’ve been working on improving my day to day OpSec, and with the crypto token stuff I’ve been working on, it’s gotten even more important. This is the result of a lot of research and fiddling with hardware tokens: separate pieces of hardware that work in conjunction with passwords (or a password manager) to further secure your digital footprint. Please do with it what you may.

Hardware Tokens

Each of the hardware tokens described here has been researched heavily and/or I’ve had the chance to use it.