Ok a day of cleaning up and organizing and updating all my security stuff...
I now have up-to-date and smart-card-only PGP keys for myself and all my organizations, expired some I don't need, added some secondary ECC keys to play with, set up a password manager backed by GIT and PGP, and got all my computers I SSH from using my PGP key for authentication rather than the ~/.ssh directory. Plus all my computers have an additional nano smart card in the USB with my main keys on it. Oh and did I mention all my keys self destruct after 3 wrong PINs :)
I also made copies of everything and have them in cold storage in my bank's lock box.
I also got a nice Keyoxide profile going
https://keyoxide.org/8b2364cd24036dcb753101d0052dda8e0506cbce
Now if only I could find a way to use my PGP keys for my cryptocurrency wallets that would be nice. Oh well the hardware wallets I use are good enough.
Any other cool uses for PGP keys anyone has in mind?
Keyoxide could’ve supported IndieAuth tags: https://codeberg.org/keyoxide/keyoxide-web/issues/97
This would allow you to login to OpenID sites using your OpenPGP key (I did that to leave authenticated Wordpress comments).
In general there are quite some interesting features in the pipeline: https://codeberg.org/keyoxide/keyoxide-web/issues
You can use PGP keys to unlock your LUKS partition on boot: https://aur.archlinux.org/packages/mkinitcpio-smartcard/
Or configure udiskie with pass (password_prompt: ["pass", "shared/usb/{id_uuid}"]). I actually have .gpg-id in that directory to unlock drives automatically with passwordless key on disk (since it’s full-disk encrypted) and my main key for backup and recovery.
If you don’t mind a couple of random points: you can make your main key Certifying only with change-usage subcommand of gpg --edit-key. As for comments in User IDs they are mostly redundant: https://dkg.fifthhorseman.net/blog/openpgp-user-id-comments-considered-harmful.html
See you later! 👋
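Added example, not part of the thread: a shell check for the certify-only layout suggested in the last reply, reading the capabilities field (field 12) of `gpg --list-keys --with-colons` output. The sample listings, key IDs and function names are constructed for illustration, and requiring both a signing and an encryption subkey is an assumption about the desired layout.

```shell
#!/bin/sh
# Constructed sample listings in `gpg --list-keys --with-colons` format
# (key IDs and timestamps are made up). In field 12 of the pub record,
# lowercase letters are the primary key's own capabilities and uppercase
# letters are the capabilities of the key as a whole.
SAMPLE_BEFORE='pub:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::+:::ed25519:::0:
sub:u:255:18:BBBBBBBBBBBBBBBB:1700000000::::::e:::+:::cv25519::'
SAMPLE_AFTER='pub:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::cESCA:::+:::ed25519:::0:
sub:u:255:22:CCCCCCCCCCCCCCCC:1700000000::::::s:::+:::ed25519::
sub:u:255:18:BBBBBBBBBBBBBBBB:1700000000::::::e:::+:::cv25519::
sub:u:255:22:DDDDDDDDDDDDDDDD:1700000000::::::a:::+:::ed25519::'

# Print the primary key's own capability letters (lowercase part of field 12).
primary_caps() {
    printf '%s\n' "$1" |
        awk -F: '$1 == "pub" { gsub(/[^a-z]/, "", $12); print $12; exit }'
}

# Print the capability letters provided by subkeys that are neither revoked
# nor expired, sorted and de-duplicated (for example "aes").
subkey_caps() {
    printf '%s\n' "$1" |
        awk -F: '$1 == "sub" && $2 !~ /^[re]$/ { print $12 }' |
        fold -w1 | sort -u | tr -d '\n'
}

# Succeed only if the primary key can certify and nothing else, and signing
# and encryption are each available from a subkey.
check_layout() {
    if [ "$(primary_caps "$1")" != "c" ]; then
        echo "primary key is not certify-only"
        return 1
    fi
    case "$(subkey_caps "$1")" in
        *e*s*) echo "ok"; return 0 ;;
        *) echo "no usable signing or encryption subkey"; return 1 ;;
    esac
}

# Against a real keyring (fingerprint left as a placeholder):
#   check_layout "$(gpg --list-keys --with-colons <FINGERPRINT>)"
check_layout "$SAMPLE_AFTER"
```

Run it before and after using change-usage: a primary key that still shows `sc` fails the first test, and one stripped to `c` without a signing subkey fails the second.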