Feature #8400
Test & evaluate GNOME Keysign
0%
Subtasks
Related issues
Blocks Tails - |
Rejected | 2014-12-06 | |
Blocked by Tails - |
Resolved | 2014-12-06 |
History
#1 Updated by intrigeri 2014-12-06 11:40:11
- blocks
Feature #8401: Improve monkeysign integration in Tails added
#2 Updated by intrigeri 2014-12-06 11:42:33
- blocked by
Feature #8402: Wait for results of GNOME Keysign's OPW internship added
#3 Updated by BitingBird 2015-01-08 15:22:44
They wrote to tails-dev to announce the 0.2 release. See at https://github.com/muelli/geysigning
#4 Updated by intrigeri 2015-04-14 12:25:44
- Description updated
#5 Updated by intrigeri 2015-09-14 01:27:09
0.3 announce: https://mail.gnome.org/archives/gnome-announce-list/2015-August/msg00022.html
#6 Updated by muri 2016-01-02 10:25:12
hi,
i’ve looked a bit into gnome keysign. From the description: In contrast to caff or monkeysign, this tool enables you to sign a key without contacting a key server. It downloads an authenticated copy of the key from the other party.
i think the tool is only for a specific usecase, when you want to sign a key from a person in the same network, who is also running gnome-keysign. when you want to sign a key, it doesn’t (can’t) download the key from one of the keyservers, but only via local network (i think avahi, the program listens on port 9001).
#7 Updated by Anonymous 2017-06-28 10:24:15
- Starter set to Yes
GNOME keysign is now in Debian testing.
From what I understand, it can be run in server or client mode, and exchanges key fingerprints over the local network using QR codes. I fear that this might not be enough for our usecase of replacing monkeysign with it.
Next step: test GNOME keysign in Debian and evaluate if it can also work with keyservers and/or downloaded keys. Report your findings here.
#8 Updated by Anonymous 2017-06-28 10:24:28
- Subject changed from Evaluate GNOME Keysign to Test & evaluate GNOME Keysign
#9 Updated by Anonymous 2017-10-03 17:55:54
gnome-keysign is now in Debian: https://tracker.debian.org/pkg/gnome-keysign
We can thus try to install and test it.
#10 Updated by Anonymous 2017-10-03 21:19:19
This application allows to sign keys the following way:
- somebody launches the application in server mode
- on the LAN people can now sign the keys on the server
Unfortunately, the application does not have some kind of offline mode, so that one could sign a key without being on a LAN with the key owner.
So it cannot replace monkeysign at all.
#11 Updated by Anonymous 2017-10-03 21:19:39
- Status changed from Confirmed to Resolved
#12 Updated by intrigeri 2017-10-04 04:16:28
> Unfortunately, the application does not have some kind of offline mode, so that one could sign a key without being on a LAN with the key owner.
> So it cannot replace monkeysign at all.
Note that Monkeysign also requires either being present next to each other (to share QR codes) or Internet access.
FTR I’ve initiated a few days ago a discussion between the authors of GNOME Keysign, Monkeysign, the designers of the next GNOME Password and Keys iteration, and the gnome-credentials implementation thereof. I’ll reopen this ticket if needed, depending on the outcome of that conversation.
#13 Updated by Anonymous 2017-10-04 10:17:23
intrigeri wrote:
> > Unfortunately, the application does not have some kind of offline mode, so that one could sign a key without being on a LAN with the key owner.
>
> > So it cannot replace monkeysign at all.
>
> Note that Monkeysign also requires either being present next to each other (to share QR codes) or Internet access.
Ah ok, yes, only caff does not.
> FTR I’ve initiated a few days ago a discussion between the authors of GNOME Keysign, Monkeysign, the designers of the next GNOME Password and Keys iteration, and the gnome-credentials implementation thereof. I’ll reopen this ticket if needed, depending on the outcome of that conversation.
<3!