Feature #8400

Test & evaluate GNOME Keysign

Added by intrigeri 2014-12-06 11:38:49 . Updated 2017-10-04 10:17:22 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
2014-12-06
Due date:
% Done:

0%

Feature Branch:
Type of work:
Test
Blueprint:

Starter:
1
Affected tool:
Deliverable for:

Description


Subtasks


Related issues

Blocks Tails - Feature #8401: Improve monkeysign integration in Tails Rejected 2014-12-06
Blocked by Tails - Feature #8402: Wait for results of GNOME Keysign's OPW internship Resolved 2014-12-06

History

#1 Updated by intrigeri 2014-12-06 11:40:11

  • blocks Feature #8401: Improve monkeysign integration in Tails added

#2 Updated by intrigeri 2014-12-06 11:42:33

  • blocked by Feature #8402: Wait for results of GNOME Keysign's OPW internship added

#3 Updated by BitingBird 2015-01-08 15:22:44

They wrote to tails-dev to announce the 0.2 release. See at https://github.com/muelli/geysigning

#4 Updated by intrigeri 2015-04-14 12:25:44

  • Description updated

#6 Updated by muri 2016-01-02 10:25:12

hi,

i’ve looked a bit into gnome keysign. From the description: In contrast to caff or monkeysign, this tool enables you to sign a key without contacting a key server. It downloads an authenticated copy of the key from the other party.
i think the tool is only for a specific usecase, when you want to sign a key from a person in the same network, who is also running gnome-keysign. when you want to sign a key, it doesn’t (can’t) download the key from one of the keyservers, but only via local network (i think avahi, the program listens on port 9001).

#7 Updated by Anonymous 2017-06-28 10:24:15

  • Starter set to Yes

GNOME keysign is now in Debian testing.

From what I understand, it can be run in server or client mode, and exchanges key fingerprints over the local network using QR codes. I fear that this might not be enough for our usecase of replacing monkeysign with it.

Next step: test GNOME keysign in Debian and evaluate if it can also work with keyservers and/or downloaded keys. Report your findings here.

#8 Updated by Anonymous 2017-06-28 10:24:28

  • Subject changed from Evaluate GNOME Keysign to Test & evaluate GNOME Keysign

#9 Updated by Anonymous 2017-10-03 17:55:54

gnome-keysign is now in Debian: https://tracker.debian.org/pkg/gnome-keysign
We can thus try to install and test it.

#10 Updated by Anonymous 2017-10-03 21:19:19

This application allows to sign keys the following way:

- somebody launches the application in server mode
- on the LAN people can now sign the keys on the server

Unfortunately, the application does not have some kind of offline mode, so that one could sign a key without being on a LAN with the key owner.

So it cannot replace monkeysign at all.

#11 Updated by Anonymous 2017-10-03 21:19:39

  • Status changed from Confirmed to Resolved

#12 Updated by intrigeri 2017-10-04 04:16:28

> Unfortunately, the application does not have some kind of offline mode, so that one could sign a key without being on a LAN with the key owner.

> So it cannot replace monkeysign at all.

Note that Monkeysign also requires either being present next to each other (to share QR codes) or Internet access.

FTR I’ve initiated a few days ago a discussion between the authors of GNOME Keysign, Monkeysign, the designers of the next GNOME Password and Keys iteration, and the gnome-credentials implementation thereof. I’ll reopen this ticket if needed, depending on the outcome of that conversation.

#13 Updated by Anonymous 2017-10-04 10:17:23

intrigeri wrote:
> > Unfortunately, the application does not have some kind of offline mode, so that one could sign a key without being on a LAN with the key owner.
>
> > So it cannot replace monkeysign at all.
>
> Note that Monkeysign also requires either being present next to each other (to share QR codes) or Internet access.

Ah ok, yes, only caff does not.

> FTR I’ve initiated a few days ago a discussion between the authors of GNOME Keysign, Monkeysign, the designers of the next GNOME Password and Keys iteration, and the gnome-credentials implementation thereof. I’ll reopen this ticket if needed, depending on the outcome of that conversation.

<3!