Project

General

Profile

Feature #8400

Feature #6338: User-friendly keysigning that verifies that key belongs to the recipient

Test & evaluate GNOME Keysign

Added by intrigeri almost 5 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
12/06/2014
Due date:
% Done:

0%

Feature Branch:
Type of work:
Test
Blueprint:
Starter:
Yes
Affected tool:

Description


Related issues

Blocks Tails - Feature #8401: Improve monkeysign integration in Tails Rejected 12/06/2014
Blocked by Tails - Feature #8402: Wait for results of GNOME Keysign's OPW internship Resolved 12/06/2014

History

#1 Updated by intrigeri almost 5 years ago

  • Blocks Feature #8401: Improve monkeysign integration in Tails added

#2 Updated by intrigeri almost 5 years ago

  • Blocked by Feature #8402: Wait for results of GNOME Keysign's OPW internship added

#3 Updated by BitingBird almost 5 years ago

They wrote to tails-dev to announce the 0.2 release. See at https://github.com/muelli/geysigning

#4 Updated by intrigeri over 4 years ago

  • Description updated (diff)

#6 Updated by muri almost 4 years ago

hi,

i've looked a bit into gnome keysign. From the description: In contrast to caff or monkeysign, this tool enables you to sign a key without contacting a key server. It downloads an authenticated copy of the key from the other party.
i think the tool is only for a specific usecase, when you want to sign a key from a person in the same network, who is also running gnome-keysign. when you want to sign a key, it doesn't (can't) download the key from one of the keyservers, but only via local network (i think avahi, the program listens on port 9001).

#7 Updated by u over 2 years ago

  • Starter set to Yes

GNOME keysign is now in Debian testing.

From what I understand, it can be run in server or client mode, and exchanges key fingerprints over the local network using QR codes. I fear that this might not be enough for our usecase of replacing monkeysign with it.

Next step: test GNOME keysign in Debian and evaluate if it can also work with keyservers and/or downloaded keys. Report your findings here.

#8 Updated by u over 2 years ago

  • Subject changed from Evaluate GNOME Keysign to Test & evaluate GNOME Keysign

#9 Updated by u about 2 years ago

gnome-keysign is now in Debian: https://tracker.debian.org/pkg/gnome-keysign
We can thus try to install and test it.

#10 Updated by u about 2 years ago

This application allows to sign keys the following way:

- somebody launches the application in server mode
- on the LAN people can now sign the keys on the server

Unfortunately, the application does not have some kind of offline mode, so that one could sign a key without being on a LAN with the key owner.

So it cannot replace monkeysign at all.

#11 Updated by u about 2 years ago

  • Status changed from Confirmed to Resolved

#12 Updated by intrigeri about 2 years ago

Unfortunately, the application does not have some kind of offline mode, so that one could sign a key without being on a LAN with the key owner.

So it cannot replace monkeysign at all.

Note that Monkeysign also requires either being present next to each other (to share QR codes) or Internet access.

FTR I've initiated a few days ago a discussion between the authors of GNOME Keysign, Monkeysign, the designers of the next GNOME Password and Keys iteration, and the gnome-credentials implementation thereof. I'll reopen this ticket if needed, depending on the outcome of that conversation.

#13 Updated by u about 2 years ago

intrigeri wrote:

Unfortunately, the application does not have some kind of offline mode, so that one could sign a key without being on a LAN with the key owner.

So it cannot replace monkeysign at all.

Note that Monkeysign also requires either being present next to each other (to share QR codes) or Internet access.

Ah ok, yes, only caff does not.

FTR I've initiated a few days ago a discussion between the authors of GNOME Keysign, Monkeysign, the designers of the next GNOME Password and Keys iteration, and the gnome-credentials implementation thereof. I'll reopen this ticket if needed, depending on the outcome of that conversation.

<3!

Also available in: Atom PDF