
Re: making a Debian Live CD for managing GnuPG master key and smartcards



On Tue, Apr 26, 2016 at 9:53 AM, Daniel Pocock <daniel@pocock.pro> wrote:

There has been some discussion on debian-devel[1] about making a
bootable Debian Live CD specifically for GnuPG

The benefit is that everything on the CD is self-contained, it can't be
tampered with, it can run without network support in the kernel and the
workflow would be controlled by a script.  All the details, including
workflow, are described in a wiki[2]

I have some questions about this:

- has anybody already seen anything like this?  Nobody likes
re-inventing the wheel

- can we call all the necessary GnuPG commands from a script without the
user interacting directly with GnuPG, using "--batch" / unattended
operation?  The sequence of commands involved would be similar to this
blog[3]

- what would be the preferred way for the GUI to obtain and keep the
master key passphrase without prompting the user to re-enter it for
every operation?

- would anybody else like to suggest improvements to the workflow?

A project similar in goals (simplifying GnuPG by automating tasks and emphasising best practices) is this one: https://github.com/dashohoxha/egpg
You can find the answer to some of the questions above by looking at its code.
But I really think that you can incorporate it in your project, maybe extending it with new workflows that it doesn't have yet (related to using smartcards etc.).

In my opinion, the first thing to be done is to build a .deb package for it, so that it can be installed easily on all Debian-derived systems, then you can also use it in your special Live CD system.
This is the task about it: https://github.com/dashohoxha/egpg/issues/19

