I haven't touched it in a while since I got stuck while using Tails/squeeze
for the uses we need it for. I have submitted a proposal for a project that
includes a little work on cleanroom, so I do hope to get back to it in a
focused way in the not-too-distant future.
For the core use of creating a master GnuPG key and generating subkeys, I
think that TAILS already has everything there. opensc is included, right?
opensc will probably need to be backported to wheezy then included since
they've recently made big strides in making it work a lot easier.
For all of the uses that we have for cleanroom, I'm guessing there will be far
too many packages to include. For example, we want to do Android signing key
management, so that means Java keyrings, so that means default-jdk. But I'll
keep this question in mind when I get back into it.
.hc
intrigeri:
> Hi,
>
> Daniel Kraft wrote (17 Dec 2014 19:29:03 GMT) :
>> I would like to suggest adding "paperkey" (as in the Debian package
>> repository) to Tails. This is a tool to export the "raw" secret part of
>> a GPG key, for instance, to back it up on a paper print-out.
>
> First of all, thanks for the suggestion!
>
> Given this tool seems to be CLI-only, and meant to be rarely used, at
> first glance it doesn't seem appropriate to be installed by default,
> and instead advanced users can install it themselves whenever they
> need it. OTOH:
>
> * the "manage an offline OpenPGP key with Tails" use case would be
> improved if one could use this tool out-of-the-box, without
> needing to connect to the Internet and have APT download and
> install it;
> * the installed package takes a few dozens kB.
>
> Now, this would fit into the use case we've been asked by the
> cleanroom (Cc'd) folks to include apt-offline for. BTW, it's been
> waiting for their feedback since 4 months:
> https://labs.riseup.net/code/issues/7208
>
> Hans-Christoph: it would be super useful if you told us what's the
> list of additional packages cleanroom needs, that are not provided in
> Tails yet. Then, we can decide whether we want to install all of them
> by default, or rely on apt-offline instead. Then, I suspect we'll want
> to do just the same for paperkey.
>
> Cheers,
>
--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81