Posts Tagged ‘gnupg’

HowTo: Reset a cryptostick

Monday, February 21st, 2011

We use this cryptostick a lot and always thought that there was no way to reset it once you entered the admin PIN incorrectly three times. Well, there is a way to reset it! Found it here and describing it below for future reference.

Two-factor LUKS using Ubuntu

Tuesday, October 19th, 2010

The earlier post about using two-factor LUKS with Ubuntu seems to work out perfectly well when using Ubuntu 10.10 “Maverick Meerkat”.

Two-factor LUKS using Ubuntu

Thursday, July 29th, 2010

Ubuntu 10.04 LTS “Lucid Lynx” supports LUKS quite well by default. This is a nice feature if you’re looking for some extra security. But what if you want a real two-factor based solution?

In the office we have been using OpenPGP cards for quite some time now to secure data. It seemed a good idea to use the newly released USB version of the OpenPGP card combined with LUKS. It is very easy to use, since you only need to remember your PIN code, and very secure as well (even more so if you use 2048- or even 3072-bit keys).

Let’s assume you already own an OpenPGP card (smartcard or USB version) and are familiar with GnuPG. Nice, but what about the rest?

Ubuntu 10.04 Live DVD


Gpg-agent on MacOSX

Monday, November 2nd, 2009

I had some trouble getting gpg-agent to work reliably on MacOSX, but found that adding the following to ~/.profile works like a charm:

# Script for ensuring only one instance of gpg-agent is running
# and if there is not one, start an instance of gpg-agent.
# Paths are quoted so a $HOME containing spaces does not break the tests.
if test -f "$HOME/.gpg-agent-info" && kill -0 "`cut -d: -f 2 "$HOME/.gpg-agent-info"`" 2>/dev/null; then
	# An agent recorded earlier is still alive: reuse its environment.
	GPG_AGENT_INFO=`cat "$HOME/.gpg-agent-info"`
	SSH_AUTH_SOCK=`cat "$HOME/.ssh-auth-sock"`
	SSH_AGENT_PID=`cat "$HOME/.ssh-agent-pid"`
	export GPG_AGENT_INFO SSH_AUTH_SOCK SSH_AGENT_PID
else
	# No live agent: start one and record its environment for later shells.
	eval "`gpg-agent --daemon`"
	echo "$GPG_AGENT_INFO" > "$HOME/.gpg-agent-info"
	echo "$SSH_AUTH_SOCK" > "$HOME/.ssh-auth-sock"
	echo "$SSH_AGENT_PID" > "$HOME/.ssh-agent-pid"
fi
# Imperative that this environment variable always reflects the output
# of the tty command.
GPG_TTY=`tty`
export GPG_TTY

You’ll need to have the following in ~/.gnupg/gpg-agent.conf:

enable-ssh-support
use-standard-socket
pinentry-program /usr/local/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac

The last line is only needed if you want a graphical password (or in my case, PIN) dialog. I use pinentry-mac from the MacGPG2 project for this.
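
The profile snippet above reuses ~/.gpg-agent-info whenever the PID stored in it answers kill -0, so a stale file whose PID has been reused would be trusted. As an added example (not part of the original post), the functions below also check the file's format and that the recorded socket exists and is owned by you; the function names and return codes are invented here, and the socket:pid:protocol layout is the GnuPG 2.0-style GPG_AGENT_INFO value the file is assumed to hold.

```shell
#!/bin/sh
# Added example: validate the file written by
#   echo "$GPG_AGENT_INFO" > "$HOME/.gpg-agent-info"
# Assumed content: <absolute socket path>:<pid>:<protocol version>

# split_agent_info LINE
# Sets AI_SOCK, AI_PID and AI_PROTO; returns 1 if LINE is malformed.
split_agent_info() {
	# Split from the right so only the last two colons are significant.
	AI_PROTO=${1##*:}
	ai_rest=${1%:*}
	AI_PID=${ai_rest##*:}
	AI_SOCK=${ai_rest%:*}
	# Both colons must be present.
	[ "$ai_rest" != "$1" ] && [ "$AI_SOCK" != "$ai_rest" ] || return 1
	# The socket path must be absolute.
	case $AI_SOCK in /*) ;; *) return 1 ;; esac
	# The pid must be a positive decimal number without leading zeros,
	# so "kill -0 0" (the whole process group) can never be reached.
	case $AI_PID in ''|0*|*[!0-9]*) return 1 ;; esac
	case $AI_PROTO in ''|*[!0-9]*) return 1 ;; esac
	return 0
}

# agent_info_status FILE
# 0 usable, 1 file missing or not owned by us, 2 malformed content,
# 3 recorded pid not running as us, 4 socket missing / not a socket / not ours.
agent_info_status() {
	[ -f "$1" ] && [ -r "$1" ] && [ -O "$1" ] || return 1
	# Accept a first line with or without a trailing newline.
	IFS= read -r ai_line < "$1" || [ -n "$ai_line" ] || return 2
	split_agent_info "$ai_line" || return 2
	# kill -0 also fails for a process owned by another user, which is
	# the right answer here: that process is not our agent.
	kill -0 "$AI_PID" 2>/dev/null || return 3
	[ -S "$AI_SOCK" ] && [ -O "$AI_SOCK" ] || return 4
	return 0
}
```

In ~/.profile the condition would become: if agent_info_status "$HOME/.gpg-agent-info"; then ... else ... fi, with the two branches unchanged.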