Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net

10th September 2014

Yesterday, I had the pleasure of attending a talk with the +Norwegian Unix User Group about +the +OpenPGP keyserver pool sks-keyservers.net, and was very happy to +learn that there is a large set of publicly available key servers to +use when looking for peoples public key. So far I have used +subkeys.pgp.net, and some times wwwkeys.nl.pgp.net when the former +were misbehaving, but those days are ended. The servers I have used +up until yesterday have been slow and some times unavailable. I hope +those problems are gone now.

+ +

Behind the round robin DNS entry of the +sks-keyservers.net service +there is a pool of more than 100 keyservers which are checked every +day to ensure they are well connected and up to date. It must be +better than what I have used so far. :)

+ +

Yesterdays speaker told me that the service is the default +keyserver provided by the default configuration in GnuPG, but this do +not seem to be used in Debian. Perhaps it should?

+ +

Anyway, I've updated my ~/.gnupg/options file to now include this +line:

+ +

+keyserver pool.sks-keyservers.net
+

+ +

With GnuPG version 2 one can also locate the keyserver using SRV +entries in DNS. Just for fun, I did just that at work, so now every +user of GnuPG at the University of Oslo should find a OpenGPG +keyserver automatically should their need it:

+ +

+% host -t srv _pgpkey-http._tcp.uio.no
+_pgpkey-http._tcp.uio.no has SRV record 0 100 11371 pool.sks-keyservers.net.
+%
+

+ +

Now if only +the +HKP lookup protocol supported finding signature paths, I would be +very happy. It can look up a given key or search for a user ID, but I +normally do not want that, but to find a trust path from my key to +another key. Given a user ID or key ID, I would like to find (and +download) the keys representing a signature path from my key to the +key in question, to be able to get a trust path between the two keys. +This is as far as I can tell not possible today. Perhaps something +for a future version of the protocol?

+ + + Tags: debian, english, personvern, sikkerhet. + + +

FreedomBox milestone - all packages now in Debian Sid

15th April 2014

The Freedombox -project is working on providing the software and hardware to make -it easy for non-technical people to host their data and communication -at home, and being able to communicate with their friends and family -encrypted and away from prying eyes. It is still going strong, and -today a major mile stone was reached.

- -

Today, the last of the packages currently used by the project to -created the system images were accepted into Debian Unstable. It was -the freedombox-setup package, which is used to configure the images -during build and on the first boot. Now all one need to get going is -the build code from the freedom-maker git repository and packages from -Debian. And once the freedombox-setup package enter testing, we can -build everything directly from Debian. :)

- -

Some key packages used by Freedombox are -freedombox-setup, -plinth, -pagekite, -tor, -privoxy, -owncloud and -dnsmasq. There -are plans to integrate more packages into the setup. User -documentation is maintained on the Debian wiki. Please -check out -the manual and help us improve it.

- -

To test for yourself and create boot images with the FreedomBox -setup, run this on a Debian machine using a user with sudo rights to -become root:

- -

-sudo apt-get install git vmdebootstrap mercurial python-docutils \
-  mktorrent extlinux virtualbox qemu-user-static binfmt-support \
-  u-boot-tools
-git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
-  freedom-maker
-make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
-

- -

Root access is needed to run debootstrap and mount loopback -devices. See the README in the freedom-maker git repo for more -details on the build. If you do not want all three images, trim the -make line. Note that the virtualbox-image target is not really -virtualbox specific. It create a x86 image usable in kvm, qemu, -vmware and any other x86 virtual machine environment. You might need -the version of vmdebootstrap in Jessie to get the build working, as it -include fixes for a race condition with kpartx.

- -

If you instead want to install using a Debian CD and the preseed -method, boot a Debian Wheezy ISO and use this boot argument to load -the preseed values:

- -

-url=http://www.reinholdtsen.name/freedombox/preseed-jessie.dat
-

- -

I have not tested it myself the last few weeks, so I do not know if -it still work.

- -

If you wonder how to help, one task you could look at is using -systemd as the boot system. It will become the default for Linux in -Jessie, so we need to make sure it is usable on the Freedombox. I did -a simple test a few weeks ago, and noticed dnsmasq failed to start -during boot when using systemd. I suspect there are other problems -too. :) To detect problems, there is a test suite included, which can -be run from the plinth web interface.

- -

Give it a go and let us know how it goes on the mailing list, and help -us get the new release published. :) Please join us on -IRC (#freedombox on -irc.debian.org) and -the -mailing list if you want to help make this vision come true.

- - - Tags: debian, english, freedombox, sikkerhet, surveillance, web. - - -