Re: [Tails-dev] Signing of the ISO and key material

Supprimer ce message

Répondre à ce message
Auteur: sajolida
Date:  
À: kwadronaut, The Tails public development discussion list
Sujet: Re: [Tails-dev] Signing of the ISO and key material
kwadronaut:
> Hi,


Hi,

> I was wondering how Tails is taking care of it's signing keys. I have
> read some documentation [1][2] and really appreciate the policy, setup
> (ie: no subkeys), how well it's integrated in the wot and the
> documentation. Question, for other projects, as best practices: how are
> you dealing with the secret material? Are all the developers sharing it,
> are you using something like ssss? Have you thought about other options
> or tools to help manage this? According to [2] you're not using ssss
> (directly)?


The key material of the signing key is split cryptographically using
gfsplit and shares are given to the people who need it.

But this has proven to be little practical because we need to meet
physically to recompose the key. We're now considering adding OpenPGP
smartcards to the dance, ideally only used in a dedicated air-gaped Tails.

NB: If I remember correctly, gfsplit is better than ssss at handling
proper files.

> I'm asking because:
> a. no re-invention of wheels and hot water


The key splitting and distribution ritual is a bit tedious but I don't
know of any tool to automate this further than gfsplit.

> b. good (release) practices are essential in any software piece


Yes, and we could surely complete and clarify our documentation on that.

> Disclosure: a project I'm involved with [3] prefers not to share key
> material with all developers and putting it on a server with a web
> application and a java monster aren't really appealing options either.
> Therefore, we're exploring options and picking minds.


--
sajolida