SlideShare uma empresa Scribd logo

Kernel Recipes 2017 - Modern Key Management with GPG - Werner Koch

Anne Nicolas
Anne Nicolas

Although GnuPG 2 has been around for nearly 15 years, the old 1.4 version was still in wide use. With Debian and others making 2.1 the default, many interesting things can now be done. In this talk he will explain the advantages of modern key algorithms, like ed25519, and why gpg relaxed some of its more paranoid defaults. The new –quick commands of gpg for easily scriptable key management will be described as well as the new key discovery methods. Finally hints for integration of gpg into other programs will be given. Werner Koch, g10code

Tecnologia
1 de 37
Baixar para ler offline
Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Modern Key Management with GPG Werner Koch Kernel-Recipes Paris September 28, 2017
2/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Outline Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up
3/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Versions GnuPG 2.2 released a few weeks ago. 2.1 has been around for nearly 3 years. New features Easy key discovery for any mail address. Full separation between private key and gpg Curve25519 support Better CLI support . . . End of life for 2.0 in 3 months. We keep 1.4 for its PGP-2 support and portability to pre-POSIX systems.
4/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up What's next RFC-4880bis work in 2.3 AEAD mode SHA-256 ngerprint New default algos Moving up the stack: Help integrating new features Checking existing use Make Gnuk easier available Write more than reference manuals.
5/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Outline Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up
6/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Why ECC (1) ECC algorithms are very well researched. Instead of key sizes we speak of dierent curves For RSA et al. one implementation ts all sizes. For ECC each curve needs to be implemented separately. A large class of curves can be implemented using a table of parameters.
7/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Why ECC (2) Certain curves have a bad repudiation. In particular the NIST curves as required for Suite B. European Brainpool curves might be better . . . . . . still are too similar to the NIST curves. So let's move on. The new de-facto standard (RFC-7748) is: Curve25519 Curve448-Goldilocks Variants for use with EdDSA
7/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Why ECC (2) Certain curves have a bad repudiation. In particular the NIST curves as required for Suite B. European Brainpool curves might be better . . . . . . still are too similar to the NIST curves. So let's move on. The new de-facto standard (RFC-7748) is: Curve25519 Curve448-Goldilocks Variants for use with EdDSA
8/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Example rsa4096 commit 72339165aeedec035b821c89453236e2c6949bb6 tree 92c63895b041aa198518a25b87f8ebb727dc4743 parent 2b60d1fe650683ab4fa5690fa2f8c41605fb6e0e author Werner Koch wk@gnupg.org 1505892912 +0200 committer Werner Koch wk@gnupg.org 1505892912 +0200 gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEssy2g4MyXWG6xQ+fzSGoCsjFJWUFAlnCGjAACgkQzSGoCsjF JWVm/g//cool4UycftJSh9Fuy9pmXjDxjudheeQ6UaaWYuMlBYZTVsyjdkknM4Iw f92HKm1ieJpXc1KS89nd/iJRXSYFl307hfFsBPuohGIgUaIFOoqyb8TOxXQ7INbg wTpDvbPMk0yZHNA8feHC1v+R2rRQbsUfQwmNtw9FpcvR0hZ7Lp+5jpLTU6th3zpI Dz3Rlo26kJ7aMxtH8xjlnXnevL/GPc4zFpNOWhjJhASeDjpEUid6WguaaWfJkLOo U0bM43yk1FXdr0KyoOdM0aqJNT49jlpND1xFtVB3/wivOFngwBgcrzLRHCcJFGS6 HZJoIF0yQoVjmp9zSCrRwdQL6OybC2rWrlhIeEcy7XFwivtsVkr/H+t+Xty0AnFz vXi8deJa0E6L+k5E4CY3WvhDpV/CGWdd+owrr52nUZIIZGTgLv7QosOd3WCD6iya CqIBlEtEaVK7kX/2qhg4pn3/EQ6n2y+2fAcNGW6JAQK1Kui+BuheO9zSYhhUj1y1 F72n0mM4Im7ndM+44Ctc+jTw/NbYDRGRhomGnMYYLLOKJ+RY1VLE+esFTVtfbTtm uiFOb427d5UPhNm/NY8hKAVcvbdlt335rQjR4+Wjo7suQAuP0zV182dHwXrCQ3Tk 3hk60KOoiJj6nKhkOERaFkB/XhnUJGqNXPIrYtuoPwX2eQhQBvA= =Gvqf -----END PGP SIGNATURE-----
9/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Example ed25519 commit 2b60d1fe650683ab4fa5690fa2f8c41605fb6e0e tree 7494139e7560bf6f6a0b9e8ebee74dbbb01b6bcb parent 4ee52a72377b4279ba81a3a1c2324a66cfd2c619 author Werner Koch wk@gnupg.org 1505892819 +0200 committer Werner Koch wk@gnupg.org 1505892819 +0200 gpgsig -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCWcIZ1AAKCRDj/f8hjkW3 K6PzAP0T/keoxJGIWRGiXpiKQQbX2utH/cnR+sM/Y07q4bL1LgEAktfdJ2Z1ZxJm 4K/rozUhx8OrvIuw5YP0QcJAem83dgA= =XNb3 -----END PGP SIGNATURE-----
10/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Performance Zeitcontrol and Gnuk tokens: (milliseconds measured inside gpg on an X220) cpu algo sign (verify) nxp rsa2048 470 0.1 nxp rsa4096 2800 0.9 stm32 ed25519 45 6.0 RSA is 60 times slower than Ed25519 for signing. RSA is always fast as lightning for verication. Our Ed25519 verication code is a bit slow.
10/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Performance Zeitcontrol and Gnuk tokens: (milliseconds measured inside gpg on an X220) cpu algo sign (verify) nxp rsa2048 470 0.1 nxp rsa4096 2800 0.9 stm32 ed25519 45 6.0 RSA is 60 times slower than Ed25519 for signing. RSA is always fast as lightning for verication. Our Ed25519 verication code is a bit slow.
11/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Outline Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up
12/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Gpg and its prompts Written as replacement for PGP-2. Direct the user into the right direction LibGPGME for common tasks Hard to automate (requires FSM) Better API? Too many options and uncertainty which are really needed. Meanwhile we know the common use patterns . . . Let's welcome the quick-foo commands.
12/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Gpg and its prompts Written as replacement for PGP-2. Direct the user into the right direction LibGPGME for common tasks Hard to automate (requires FSM) Better API? Too many options and uncertainty which are really needed. Meanwhile we know the common use patterns . . . Let's welcome the quick-foo commands.
12/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Gpg and its prompts Written as replacement for PGP-2. Direct the user into the right direction LibGPGME for common tasks Hard to automate (requires FSM) Better API? Too many options and uncertainty which are really needed. Meanwhile we know the common use patterns . . . Let's welcome the quick-foo commands.
13/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Key generation $ gpg --quick-generate-key USER_ID [ALGO [USAGE [EXPIRE]]] Try future-default for ALGO. If you don't want a passphrase, do this $ gpg --passphrase '' --batch --quick-generate-key USER_ID
14/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Changing the expiration date The default is to create keys which expire in two years. OpenPGP allows to prolong the expiration date. To set the expiration to 2 years from now: $ gpg --quick-set-expire FINGERPRINT -
15/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Adding a subkey Subkeys are very useful for key management. Adding more subkeys is easy: $ gpg --quick-add-key FINGERPRINT [ALGO [USAGE [EXPIRE]]]
16/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Adding/Revoking a user id Got a new mail address? $ gpg --quick-add-uid FINGERPRINT NEW_USER_ID Lost that address? $ gpg --quick-revoke-uid FINGERPRINT USER_ID Tell others which user id to see: $ gpg --quick-set-primary-uid FINGERPRINT USER_ID
17/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Key signing Key signing party: $ gpg --quick-sign-key FINGERPRINT [NAMES] Mark a key locally as veried: $ gpg --quick-lsign-key FINGERPRINT [NAMES]
18/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Encryption w/o a keyring Instead of importing a key and using its ngerprint, the -f option can be used: $ gpg -f FILE_WITH_KEY -e DATA The new export lters can be used to create a key le.
19/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Outline Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up
20/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Key discovery Keyservers can't map an address to a key. Only the mail provider can do that. Mail addresses are not under the user's authority like their keys are. Mail provider provides the key (web key directory). Keyservers are decentralized; this is a Good Thing—. Verifying keyservers harm the PGP ecosystem. They need to be under a single authority. The return of the X.500 dilemma.
20/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Key discovery Keyservers can't map an address to a key. Only the mail provider can do that. Mail addresses are not under the user's authority like their keys are. Mail provider provides the key (web key directory). Keyservers are decentralized; this is a Good Thing—. Verifying keyservers harm the PGP ecosystem. They need to be under a single authority. The return of the X.500 dilemma.
21/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Key Validation The Web-of-Trust is a geek's instrument. Hard to explain. Global social graph. It does not scale. The Trust On First Use (TOFU) paradigm is better. Easy to explain. Local. Keeps the PGP properties.
21/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Key Validation The Web-of-Trust is a geek's instrument. Hard to explain. Global social graph. It does not scale. The Trust On First Use (TOFU) paradigm is better. Easy to explain. Local. Keeps the PGP properties.
22/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Outline Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up
23/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up The two interfaces human This is plainly for human comsumption Translated. Uses the native charset Strings may change with each release Never use it for scripting!
24/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up The two interfaces machine This is mainly for scripting Fixed strings Always UTF-8 Only compatible changes since 1.0 Enable this interface using --batch --with-colons --status-fd=2 When using the interactor (--command-fd) leave out --batch. awk -F: is your friend. See doc/DETAILS for a full description.
25/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Import and export lter Remove funny signatures. My gpg.conf: import-filter drop-sig= sig_created_d=2015-12-24 import-filter drop-sig=|| sig_created_d=2016-03-16 Show keys in a le $ gpg --import-options show-only --import FILE Export only the userids with a given mail address $ gpg -a --export-options=export-minimal --export-filter keep-uid=mbox=wk@gnupg.org --export FINGERPRINT
26/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Ssh-agent It is more than 10 years old: $ ssh-add transfers existing keys into GnuPG's key store and makes them permanent. Works nicely with smartcards Use a subkey for ssh ssh-add still works You can't live without it.
26/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Ssh-agent It is more than 10 years old: $ ssh-add transfers existing keys into GnuPG's key store and makes them permanent. Works nicely with smartcards Use a subkey for ssh ssh-add still works You can't live without it.
27/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Outline Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up
28/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up GnuPG 2.2 Modern algos Better scriptability Auto key discovery when a mail address is given. We need to talk to providers. Take care: Debian has 2.1.18 plus some changes. Ubuntu has a partly broken 2.1.11 Thanks for listening. Questions? Slides are © 2017 GnuPG e.V., CC BY-SA 4.0. https://gnupg.org/ftp/blurbs/kernel-recipes-2017-modern-key-management.pdf
28/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up GnuPG 2.2 Modern algos Better scriptability Auto key discovery when a mail address is given. We need to talk to providers. Take care: Debian has 2.1.18 plus some changes. Ubuntu has a partly broken 2.1.11 Thanks for listening. Questions? Slides are © 2017 GnuPG e.V., CC BY-SA 4.0. https://gnupg.org/ftp/blurbs/kernel-recipes-2017-modern-key-management.pdf
28/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up GnuPG 2.2 Modern algos Better scriptability Auto key discovery when a mail address is given. We need to talk to providers. Take care: Debian has 2.1.18 plus some changes. Ubuntu has a partly broken 2.1.11 Thanks for listening. Questions? Slides are © 2017 GnuPG e.V., CC BY-SA 4.0. https://gnupg.org/ftp/blurbs/kernel-recipes-2017-modern-key-management.pdf

Recomendados

BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)Brendan Gregg
 
UM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareUM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareBrendan Gregg
 
bcc/BPF tools - Strategy, current tools, future challenges
bcc/BPF tools - Strategy, current tools, future challengesbcc/BPF tools - Strategy, current tools, future challenges
bcc/BPF tools - Strategy, current tools, future challengesIO Visor Project
 
Security Monitoring with eBPF
Security Monitoring with eBPFSecurity Monitoring with eBPF
Security Monitoring with eBPFAlex Maestretti
 
Linux 4.x Tracing: Performance Analysis with bcc/BPF
Linux 4.x Tracing: Performance Analysis with bcc/BPFLinux 4.x Tracing: Performance Analysis with bcc/BPF
Linux 4.x Tracing: Performance Analysis with bcc/BPFBrendan Gregg
 
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021Valeriy Kravchuk
 
Performance Wins with BPF: Getting Started
Performance Wins with BPF: Getting StartedPerformance Wins with BPF: Getting Started
Performance Wins with BPF: Getting StartedBrendan Gregg
 
re:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflixre:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at NetflixBrendan Gregg
 

Recomendados

BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)Brendan Gregg
 
UM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareUM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareBrendan Gregg
 
bcc/BPF tools - Strategy, current tools, future challenges
bcc/BPF tools - Strategy, current tools, future challengesbcc/BPF tools - Strategy, current tools, future challenges
bcc/BPF tools - Strategy, current tools, future challengesIO Visor Project
 
Security Monitoring with eBPF
Security Monitoring with eBPFSecurity Monitoring with eBPF
Security Monitoring with eBPFAlex Maestretti
 
Linux 4.x Tracing: Performance Analysis with bcc/BPF
Linux 4.x Tracing: Performance Analysis with bcc/BPFLinux 4.x Tracing: Performance Analysis with bcc/BPF
Linux 4.x Tracing: Performance Analysis with bcc/BPFBrendan Gregg
 
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021Valeriy Kravchuk
 
Performance Wins with BPF: Getting Started
Performance Wins with BPF: Getting StartedPerformance Wins with BPF: Getting Started
Performance Wins with BPF: Getting StartedBrendan Gregg
 
re:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflixre:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at NetflixBrendan Gregg
 
The Next Linux Superpower: eBPF Primer
The Next Linux Superpower: eBPF PrimerThe Next Linux Superpower: eBPF Primer
The Next Linux Superpower: eBPF PrimerSasha Goldshtein
 
ATO Linux Performance 2018
ATO Linux Performance 2018ATO Linux Performance 2018
ATO Linux Performance 2018Brendan Gregg
 
Linux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloudLinux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloudAndrea Righi
 
Performance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux KernelPerformance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux Kernellcplcp1
 
LPC2019 BPF Tracing Tools
LPC2019 BPF Tracing ToolsLPC2019 BPF Tracing Tools
LPC2019 BPF Tracing ToolsBrendan Gregg
 
Systems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting StartedSystems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting StartedBrendan Gregg
 
eBPF Basics
eBPF BasicseBPF Basics
eBPF BasicsMichael Kehoe
 
Kernel development
Kernel developmentKernel development
Kernel developmentNuno Martins
 
LSFMM 2019 BPF Observability
LSFMM 2019 BPF ObservabilityLSFMM 2019 BPF Observability
LSFMM 2019 BPF ObservabilityBrendan Gregg
 
Modern Linux Tracing Landscape
Modern Linux Tracing LandscapeModern Linux Tracing Landscape
Modern Linux Tracing LandscapeSasha Goldshtein
 
Staring into the eBPF Abyss
Staring into the eBPF AbyssStaring into the eBPF Abyss
Staring into the eBPF AbyssSasha Goldshtein
 
Kernel Recipes 2017: Performance Analysis with BPF
Kernel Recipes 2017: Performance Analysis with BPFKernel Recipes 2017: Performance Analysis with BPF
Kernel Recipes 2017: Performance Analysis with BPFBrendan Gregg
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingViller Hsiao
 
Tuning parallelcodeonsolaris005
Tuning parallelcodeonsolaris005Tuning parallelcodeonsolaris005
Tuning parallelcodeonsolaris005dflexer
 
BPF Tools 2017
BPF Tools 2017BPF Tools 2017
BPF Tools 2017Brendan Gregg
 
eBPF Perf Tools 2019
eBPF Perf Tools 2019eBPF Perf Tools 2019
eBPF Perf Tools 2019Brendan Gregg
 
Debugging linux issues with eBPF
Debugging linux issues with eBPFDebugging linux issues with eBPF
Debugging linux issues with eBPFIvan Babrou
 
NetConf 2018 BPF Observability
NetConf 2018 BPF ObservabilityNetConf 2018 BPF Observability
NetConf 2018 BPF ObservabilityBrendan Gregg
 
netfilter and iptables
netfilter and iptablesnetfilter and iptables
netfilter and iptablesKernel TLV
 
Profiling your Applications using the Linux Perf Tools
Profiling your Applications using the Linux Perf ToolsProfiling your Applications using the Linux Perf Tools
Profiling your Applications using the Linux Perf ToolsemBO_Conference
 
How our Cloudy Mindsets Approached Physical Routers
How our Cloudy Mindsets Approached Physical RoutersHow our Cloudy Mindsets Approached Physical Routers
How our Cloudy Mindsets Approached Physical RoutersSteffen Gebert
 
PG-Strom - GPGPU meets PostgreSQL, PGcon2015
PG-Strom - GPGPU meets PostgreSQL, PGcon2015PG-Strom - GPGPU meets PostgreSQL, PGcon2015
PG-Strom - GPGPU meets PostgreSQL, PGcon2015Kohei KaiGai
 

Mais conteúdo relacionado

Mais procurados

The Next Linux Superpower: eBPF Primer
The Next Linux Superpower: eBPF PrimerThe Next Linux Superpower: eBPF Primer
The Next Linux Superpower: eBPF PrimerSasha Goldshtein
 
ATO Linux Performance 2018
ATO Linux Performance 2018ATO Linux Performance 2018
ATO Linux Performance 2018Brendan Gregg
 
Linux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloudLinux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloudAndrea Righi
 
Performance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux KernelPerformance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux Kernellcplcp1
 
LPC2019 BPF Tracing Tools
LPC2019 BPF Tracing ToolsLPC2019 BPF Tracing Tools
LPC2019 BPF Tracing ToolsBrendan Gregg
 
Systems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting StartedSystems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting StartedBrendan Gregg
 
Kernel development
Kernel developmentKernel development
Kernel developmentNuno Martins
 
LSFMM 2019 BPF Observability
LSFMM 2019 BPF ObservabilityLSFMM 2019 BPF Observability
LSFMM 2019 BPF ObservabilityBrendan Gregg
 
Modern Linux Tracing Landscape
Modern Linux Tracing LandscapeModern Linux Tracing Landscape
Modern Linux Tracing LandscapeSasha Goldshtein
 
Staring into the eBPF Abyss
Staring into the eBPF AbyssStaring into the eBPF Abyss
Staring into the eBPF AbyssSasha Goldshtein
 
Kernel Recipes 2017: Performance Analysis with BPF
Kernel Recipes 2017: Performance Analysis with BPFKernel Recipes 2017: Performance Analysis with BPF
Kernel Recipes 2017: Performance Analysis with BPFBrendan Gregg
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingViller Hsiao
 
Tuning parallelcodeonsolaris005
Tuning parallelcodeonsolaris005Tuning parallelcodeonsolaris005
Tuning parallelcodeonsolaris005dflexer
 
eBPF Perf Tools 2019
eBPF Perf Tools 2019eBPF Perf Tools 2019
eBPF Perf Tools 2019Brendan Gregg
 
Debugging linux issues with eBPF
Debugging linux issues with eBPFDebugging linux issues with eBPF
Debugging linux issues with eBPFIvan Babrou
 
NetConf 2018 BPF Observability
NetConf 2018 BPF ObservabilityNetConf 2018 BPF Observability
NetConf 2018 BPF ObservabilityBrendan Gregg
 
netfilter and iptables
netfilter and iptablesnetfilter and iptables
netfilter and iptablesKernel TLV
 
Profiling your Applications using the Linux Perf Tools
Profiling your Applications using the Linux Perf ToolsProfiling your Applications using the Linux Perf Tools
Profiling your Applications using the Linux Perf ToolsemBO_Conference
 

Mais procurados (20)

The Next Linux Superpower: eBPF Primer
The Next Linux Superpower: eBPF PrimerThe Next Linux Superpower: eBPF Primer
The Next Linux Superpower: eBPF Primer
 
ATO Linux Performance 2018
ATO Linux Performance 2018ATO Linux Performance 2018
ATO Linux Performance 2018
 
Linux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloudLinux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloud
 
Performance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux KernelPerformance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux Kernel
 
LPC2019 BPF Tracing Tools
LPC2019 BPF Tracing ToolsLPC2019 BPF Tracing Tools
LPC2019 BPF Tracing Tools
 
Systems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting StartedSystems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting Started
 
eBPF Basics
eBPF BasicseBPF Basics
eBPF Basics
 
Kernel development
Kernel developmentKernel development
Kernel development
 
LSFMM 2019 BPF Observability
LSFMM 2019 BPF ObservabilityLSFMM 2019 BPF Observability
LSFMM 2019 BPF Observability
 
Modern Linux Tracing Landscape
Modern Linux Tracing LandscapeModern Linux Tracing Landscape
Modern Linux Tracing Landscape
 
Staring into the eBPF Abyss
Staring into the eBPF AbyssStaring into the eBPF Abyss
Staring into the eBPF Abyss
 
Kernel Recipes 2017: Performance Analysis with BPF
Kernel Recipes 2017: Performance Analysis with BPFKernel Recipes 2017: Performance Analysis with BPF
Kernel Recipes 2017: Performance Analysis with BPF
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracing
 
Tuning parallelcodeonsolaris005
Tuning parallelcodeonsolaris005Tuning parallelcodeonsolaris005
Tuning parallelcodeonsolaris005
 
BPF Tools 2017
BPF Tools 2017BPF Tools 2017
BPF Tools 2017
 
eBPF Perf Tools 2019
eBPF Perf Tools 2019eBPF Perf Tools 2019
eBPF Perf Tools 2019
 
Debugging linux issues with eBPF
Debugging linux issues with eBPFDebugging linux issues with eBPF
Debugging linux issues with eBPF
 
NetConf 2018 BPF Observability
NetConf 2018 BPF ObservabilityNetConf 2018 BPF Observability
NetConf 2018 BPF Observability
 
netfilter and iptables
netfilter and iptablesnetfilter and iptables
netfilter and iptables
 
Profiling your Applications using the Linux Perf Tools
Profiling your Applications using the Linux Perf ToolsProfiling your Applications using the Linux Perf Tools
Profiling your Applications using the Linux Perf Tools
 

Semelhante a Kernel Recipes 2017 - Modern Key Management with GPG - Werner Koch

How our Cloudy Mindsets Approached Physical Routers
How our Cloudy Mindsets Approached Physical RoutersHow our Cloudy Mindsets Approached Physical Routers
How our Cloudy Mindsets Approached Physical RoutersSteffen Gebert
 
PG-Strom - GPGPU meets PostgreSQL, PGcon2015
PG-Strom - GPGPU meets PostgreSQL, PGcon2015PG-Strom - GPGPU meets PostgreSQL, PGcon2015
PG-Strom - GPGPU meets PostgreSQL, PGcon2015Kohei KaiGai
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWebinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWeaveworks
 
2-GPGPU-Sim-Overview.pptx
2-GPGPU-Sim-Overview.pptx2-GPGPU-Sim-Overview.pptx
2-GPGPU-Sim-Overview.pptxYonggangLiu3
 
Cloud native IPC for Microservices Workshop @ Containerdays 2022
Cloud native IPC for Microservices Workshop @ Containerdays 2022Cloud native IPC for Microservices Workshop @ Containerdays 2022
Cloud native IPC for Microservices Workshop @ Containerdays 2022QAware GmbH
 
GPGPU Accelerates PostgreSQL ~Unlock the power of multi-thousand cores~
GPGPU Accelerates PostgreSQL ~Unlock the power of multi-thousand cores~GPGPU Accelerates PostgreSQL ~Unlock the power of multi-thousand cores~
GPGPU Accelerates PostgreSQL ~Unlock the power of multi-thousand cores~Kohei KaiGai
 
S5429_LanceBrown
S5429_LanceBrownS5429_LanceBrown
S5429_LanceBrownLance Brown
 
High throughput implementations of cryptography algorithms on GPU and FPGA
High throughput implementations of cryptography algorithms on GPU and FPGAHigh throughput implementations of cryptography algorithms on GPU and FPGA
High throughput implementations of cryptography algorithms on GPU and FPGAnitin3940
 
Using GTP on Linux with libgtpnl
Using GTP on Linux with libgtpnlUsing GTP on Linux with libgtpnl
Using GTP on Linux with libgtpnlKentaro Ebisawa
 
InfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestratorInfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestratorGianluca Arbezzano
 
Layer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikLayer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikGLC Networks
 
Yannis Zarkadas. Enterprise data science workflows on kubeflow
Yannis Zarkadas. Enterprise data science workflows on kubeflowYannis Zarkadas. Enterprise data science workflows on kubeflow
Yannis Zarkadas. Enterprise data science workflows on kubeflowMarynaHoldaieva
 
Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...
Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...
Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...Lviv Startup Club
 
RTBkit Meetup - Developer Spotlight, Behind the Scenes of RTBkit and Intro to...
RTBkit Meetup - Developer Spotlight, Behind the Scenes of RTBkit and Intro to...RTBkit Meetup - Developer Spotlight, Behind the Scenes of RTBkit and Intro to...
RTBkit Meetup - Developer Spotlight, Behind the Scenes of RTBkit and Intro to...Datacratic
 
Mikrotik Fastpath vs Fasttrack
Mikrotik Fastpath vs FasttrackMikrotik Fastpath vs Fasttrack
Mikrotik Fastpath vs FasttrackGLC Networks
 
SRv6 Mobile User Plane : Initial POC and Implementation
SRv6 Mobile User Plane : Initial POC and ImplementationSRv6 Mobile User Plane : Initial POC and Implementation
SRv6 Mobile User Plane : Initial POC and ImplementationKentaro Ebisawa
 
Dev.bg DevOps March 2024 Monitoring & Logging
Dev.bg DevOps March 2024 Monitoring & LoggingDev.bg DevOps March 2024 Monitoring & Logging
Dev.bg DevOps March 2024 Monitoring & LoggingMarian Marinov
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesCumulus Networks
 
Scaling Django with gevent
Scaling Django with geventScaling Django with gevent
Scaling Django with geventMahendra M
 

Semelhante a Kernel Recipes 2017 - Modern Key Management with GPG - Werner Koch (20)

How our Cloudy Mindsets Approached Physical Routers
How our Cloudy Mindsets Approached Physical RoutersHow our Cloudy Mindsets Approached Physical Routers
How our Cloudy Mindsets Approached Physical Routers
 
PG-Strom - GPGPU meets PostgreSQL, PGcon2015
PG-Strom - GPGPU meets PostgreSQL, PGcon2015PG-Strom - GPGPU meets PostgreSQL, PGcon2015
PG-Strom - GPGPU meets PostgreSQL, PGcon2015
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWebinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
 
2-GPGPU-Sim-Overview.pptx
2-GPGPU-Sim-Overview.pptx2-GPGPU-Sim-Overview.pptx
2-GPGPU-Sim-Overview.pptx
 
cogiel-OLT.pdf
cogiel-OLT.pdfcogiel-OLT.pdf
cogiel-OLT.pdf
 
Cloud native IPC for Microservices Workshop @ Containerdays 2022
Cloud native IPC for Microservices Workshop @ Containerdays 2022Cloud native IPC for Microservices Workshop @ Containerdays 2022
Cloud native IPC for Microservices Workshop @ Containerdays 2022
 
GPGPU Accelerates PostgreSQL ~Unlock the power of multi-thousand cores~
GPGPU Accelerates PostgreSQL ~Unlock the power of multi-thousand cores~GPGPU Accelerates PostgreSQL ~Unlock the power of multi-thousand cores~
GPGPU Accelerates PostgreSQL ~Unlock the power of multi-thousand cores~
 
S5429_LanceBrown
S5429_LanceBrownS5429_LanceBrown
S5429_LanceBrown
 
High throughput implementations of cryptography algorithms on GPU and FPGA
High throughput implementations of cryptography algorithms on GPU and FPGAHigh throughput implementations of cryptography algorithms on GPU and FPGA
High throughput implementations of cryptography algorithms on GPU and FPGA
 
Using GTP on Linux with libgtpnl
Using GTP on Linux with libgtpnlUsing GTP on Linux with libgtpnl
Using GTP on Linux with libgtpnl
 
InfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestratorInfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestrator
 
Layer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikLayer 7 Firewall on Mikrotik
Layer 7 Firewall on Mikrotik
 
Yannis Zarkadas. Enterprise data science workflows on kubeflow
Yannis Zarkadas. Enterprise data science workflows on kubeflowYannis Zarkadas. Enterprise data science workflows on kubeflow
Yannis Zarkadas. Enterprise data science workflows on kubeflow
 
Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...
Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...
Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...
 
RTBkit Meetup - Developer Spotlight, Behind the Scenes of RTBkit and Intro to...
RTBkit Meetup - Developer Spotlight, Behind the Scenes of RTBkit and Intro to...RTBkit Meetup - Developer Spotlight, Behind the Scenes of RTBkit and Intro to...
RTBkit Meetup - Developer Spotlight, Behind the Scenes of RTBkit and Intro to...
 
Mikrotik Fastpath vs Fasttrack
Mikrotik Fastpath vs FasttrackMikrotik Fastpath vs Fasttrack
Mikrotik Fastpath vs Fasttrack
 
SRv6 Mobile User Plane : Initial POC and Implementation
SRv6 Mobile User Plane : Initial POC and ImplementationSRv6 Mobile User Plane : Initial POC and Implementation
SRv6 Mobile User Plane : Initial POC and Implementation
 
Dev.bg DevOps March 2024 Monitoring & Logging
Dev.bg DevOps March 2024 Monitoring & LoggingDev.bg DevOps March 2024 Monitoring & Logging
Dev.bg DevOps March 2024 Monitoring & Logging
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center Architectures
 
Scaling Django with gevent
Scaling Django with geventScaling Django with gevent
Scaling Django with gevent
 

Mais de Anne Nicolas

Kernel Recipes 2019 - Driving the industry toward upstream first
Kernel Recipes 2019 - Driving the industry toward upstream firstKernel Recipes 2019 - Driving the industry toward upstream first
Kernel Recipes 2019 - Driving the industry toward upstream firstAnne Nicolas
 
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIKernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIAnne Nicolas
 
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernel
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernelKernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernel
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernelAnne Nicolas
 
Kernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyKernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyAnne Nicolas
 
Kernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and futureKernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and futureAnne Nicolas
 
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...Anne Nicolas
 
Kernel Recipes 2019 - GNU poke, an extensible editor for structured binary data
Kernel Recipes 2019 - GNU poke, an extensible editor for structured binary dataKernel Recipes 2019 - GNU poke, an extensible editor for structured binary data
Kernel Recipes 2019 - GNU poke, an extensible editor for structured binary dataAnne Nicolas
 
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...Anne Nicolas
 
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and Barebox
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and BareboxEmbedded Recipes 2019 - Remote update adventures with RAUC, Yocto and Barebox
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and BareboxAnne Nicolas
 
Embedded Recipes 2019 - Making embedded graphics less special
Embedded Recipes 2019 - Making embedded graphics less specialEmbedded Recipes 2019 - Making embedded graphics less special
Embedded Recipes 2019 - Making embedded graphics less specialAnne Nicolas
 
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre SiliconEmbedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre SiliconAnne Nicolas
 
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) picture
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) pictureEmbedded Recipes 2019 - From maintaining I2C to the big (embedded) picture
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) pictureAnne Nicolas
 
Embedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayEmbedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayAnne Nicolas
 
Embedded Recipes 2019 - Herd your socs become a matchmaker
Embedded Recipes 2019 - Herd your socs become a matchmakerEmbedded Recipes 2019 - Herd your socs become a matchmaker
Embedded Recipes 2019 - Herd your socs become a matchmakerAnne Nicolas
 
Embedded Recipes 2019 - LLVM / Clang integration
Embedded Recipes 2019 - LLVM / Clang integrationEmbedded Recipes 2019 - LLVM / Clang integration
Embedded Recipes 2019 - LLVM / Clang integrationAnne Nicolas
 
Embedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debuggingEmbedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debuggingAnne Nicolas
 
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimedia
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimediaEmbedded Recipes 2019 - Pipewire a new foundation for embedded multimedia
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimediaAnne Nicolas
 
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedKernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedAnne Nicolas
 
Kernel Recipes 2019 - Suricata and XDP
Kernel Recipes 2019 - Suricata and XDPKernel Recipes 2019 - Suricata and XDP
Kernel Recipes 2019 - Suricata and XDPAnne Nicolas
 
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Anne Nicolas
 

Mais de Anne Nicolas (20)

Kernel Recipes 2019 - Driving the industry toward upstream first
Kernel Recipes 2019 - Driving the industry toward upstream firstKernel Recipes 2019 - Driving the industry toward upstream first
Kernel Recipes 2019 - Driving the industry toward upstream first
 
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIKernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
 
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernel
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernelKernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernel
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernel
 
Kernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyKernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are money
 
Kernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and futureKernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and future
 
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...
 
Kernel Recipes 2019 - GNU poke, an extensible editor for structured binary data
Kernel Recipes 2019 - GNU poke, an extensible editor for structured binary dataKernel Recipes 2019 - GNU poke, an extensible editor for structured binary data
Kernel Recipes 2019 - GNU poke, an extensible editor for structured binary data
 
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
 
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and Barebox
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and BareboxEmbedded Recipes 2019 - Remote update adventures with RAUC, Yocto and Barebox
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and Barebox
 
Embedded Recipes 2019 - Making embedded graphics less special
Embedded Recipes 2019 - Making embedded graphics less specialEmbedded Recipes 2019 - Making embedded graphics less special
Embedded Recipes 2019 - Making embedded graphics less special
 
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre SiliconEmbedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
 
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) picture
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) pictureEmbedded Recipes 2019 - From maintaining I2C to the big (embedded) picture
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) picture
 
Embedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayEmbedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops way
 
Embedded Recipes 2019 - Herd your socs become a matchmaker
Embedded Recipes 2019 - Herd your socs become a matchmakerEmbedded Recipes 2019 - Herd your socs become a matchmaker
Embedded Recipes 2019 - Herd your socs become a matchmaker
 
Embedded Recipes 2019 - LLVM / Clang integration
Embedded Recipes 2019 - LLVM / Clang integrationEmbedded Recipes 2019 - LLVM / Clang integration
Embedded Recipes 2019 - LLVM / Clang integration
 
Embedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debuggingEmbedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debugging
 
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimedia
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimediaEmbedded Recipes 2019 - Pipewire a new foundation for embedded multimedia
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimedia
 
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedKernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
 
Kernel Recipes 2019 - Suricata and XDP
Kernel Recipes 2019 - Suricata and XDPKernel Recipes 2019 - Suricata and XDP
Kernel Recipes 2019 - Suricata and XDP
 
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
 

Último

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 

Último (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 

Kernel Recipes 2017 - Modern Key Management with GPG - Werner Koch

  • 1. Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Modern Key Management with GPG Werner Koch Kernel-Recipes Paris September 28, 2017
  • 2. 2/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Outline Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up
  • 3. 3/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Versions GnuPG 2.2 released a few weeks ago. 2.1 has been around for nearly 3 years. New features Easy key discovery for any mail address. Full separation between private key and gpg Curve25519 support Better CLI support . . . End of life for 2.0 in 3 months. We keep 1.4 for its PGP-2 support and portability to pre-POSIX systems.
  • 4. 4/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up What's next RFC-4880bis work in 2.3 AEAD mode SHA-256 ngerprint New default algos Moving up the stack: Help integrating new features Checking existing use Make Gnuk easier available Write more than reference manuals.
  • 5. 5/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Outline Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up
  • 6. 6/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Why ECC (1) ECC algorithms are very well researched. Instead of key sizes we speak of dierent curves For RSA et al. one implementation ts all sizes. For ECC each curve needs to be implemented separately. A large class of curves can be implemented using a table of parameters.
  • 7. 7/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Why ECC (2) Certain curves have a bad repudiation. In particular the NIST curves as required for Suite B. European Brainpool curves might be better . . . . . . still are too similar to the NIST curves. So let's move on. The new de-facto standard (RFC-7748) is: Curve25519 Curve448-Goldilocks Variants for use with EdDSA
  • 8. 7/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Why ECC (2) Certain curves have a bad repudiation. In particular the NIST curves as required for Suite B. European Brainpool curves might be better . . . . . . still are too similar to the NIST curves. So let's move on. The new de-facto standard (RFC-7748) is: Curve25519 Curve448-Goldilocks Variants for use with EdDSA
  • 9. 8/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Example rsa4096 commit 72339165aeedec035b821c89453236e2c6949bb6 tree 92c63895b041aa198518a25b87f8ebb727dc4743 parent 2b60d1fe650683ab4fa5690fa2f8c41605fb6e0e author Werner Koch wk@gnupg.org 1505892912 +0200 committer Werner Koch wk@gnupg.org 1505892912 +0200 gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEssy2g4MyXWG6xQ+fzSGoCsjFJWUFAlnCGjAACgkQzSGoCsjF JWVm/g//cool4UycftJSh9Fuy9pmXjDxjudheeQ6UaaWYuMlBYZTVsyjdkknM4Iw f92HKm1ieJpXc1KS89nd/iJRXSYFl307hfFsBPuohGIgUaIFOoqyb8TOxXQ7INbg wTpDvbPMk0yZHNA8feHC1v+R2rRQbsUfQwmNtw9FpcvR0hZ7Lp+5jpLTU6th3zpI Dz3Rlo26kJ7aMxtH8xjlnXnevL/GPc4zFpNOWhjJhASeDjpEUid6WguaaWfJkLOo U0bM43yk1FXdr0KyoOdM0aqJNT49jlpND1xFtVB3/wivOFngwBgcrzLRHCcJFGS6 HZJoIF0yQoVjmp9zSCrRwdQL6OybC2rWrlhIeEcy7XFwivtsVkr/H+t+Xty0AnFz vXi8deJa0E6L+k5E4CY3WvhDpV/CGWdd+owrr52nUZIIZGTgLv7QosOd3WCD6iya CqIBlEtEaVK7kX/2qhg4pn3/EQ6n2y+2fAcNGW6JAQK1Kui+BuheO9zSYhhUj1y1 F72n0mM4Im7ndM+44Ctc+jTw/NbYDRGRhomGnMYYLLOKJ+RY1VLE+esFTVtfbTtm uiFOb427d5UPhNm/NY8hKAVcvbdlt335rQjR4+Wjo7suQAuP0zV182dHwXrCQ3Tk 3hk60KOoiJj6nKhkOERaFkB/XhnUJGqNXPIrYtuoPwX2eQhQBvA= =Gvqf -----END PGP SIGNATURE-----
  • 10. 9/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Example ed25519 commit 2b60d1fe650683ab4fa5690fa2f8c41605fb6e0e tree 7494139e7560bf6f6a0b9e8ebee74dbbb01b6bcb parent 4ee52a72377b4279ba81a3a1c2324a66cfd2c619 author Werner Koch wk@gnupg.org 1505892819 +0200 committer Werner Koch wk@gnupg.org 1505892819 +0200 gpgsig -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCWcIZ1AAKCRDj/f8hjkW3 K6PzAP0T/keoxJGIWRGiXpiKQQbX2utH/cnR+sM/Y07q4bL1LgEAktfdJ2Z1ZxJm 4K/rozUhx8OrvIuw5YP0QcJAem83dgA= =XNb3 -----END PGP SIGNATURE-----
  • 11. 10/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Performance Zeitcontrol and Gnuk tokens: (milliseconds measured inside gpg on an X220) cpu algo sign (verify) nxp rsa2048 470 0.1 nxp rsa4096 2800 0.9 stm32 ed25519 45 6.0 RSA is 60 times slower than Ed25519 for signing. RSA is always fast as lightning for verication. Our Ed25519 verication code is a bit slow.
  • 12. 10/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Performance Zeitcontrol and Gnuk tokens: (milliseconds measured inside gpg on an X220) cpu algo sign (verify) nxp rsa2048 470 0.1 nxp rsa4096 2800 0.9 stm32 ed25519 45 6.0 RSA is 60 times slower than Ed25519 for signing. RSA is always fast as lightning for verication. Our Ed25519 verication code is a bit slow.
  • 13. 11/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Outline Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up
  • 14. 12/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Gpg and its prompts Written as replacement for PGP-2. Direct the user into the right direction LibGPGME for common tasks Hard to automate (requires FSM) Better API? Too many options and uncertainty which are really needed. Meanwhile we know the common use patterns . . . Let's welcome the quick-foo commands.
  • 15. 12/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Gpg and its prompts Written as replacement for PGP-2. Direct the user into the right direction LibGPGME for common tasks Hard to automate (requires FSM) Better API? Too many options and uncertainty which are really needed. Meanwhile we know the common use patterns . . . Let's welcome the quick-foo commands.
  • 16. 12/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Gpg and its prompts Written as replacement for PGP-2. Direct the user into the right direction LibGPGME for common tasks Hard to automate (requires FSM) Better API? Too many options and uncertainty which are really needed. Meanwhile we know the common use patterns . . . Let's welcome the quick-foo commands.
  • 17. 13/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Key generation $ gpg --quick-generate-key USER_ID [ALGO [USAGE [EXPIRE]]] Try future-default for ALGO. If you don't want a passphrase, do this $ gpg --passphrase '' --batch --quick-generate-key USER_ID
  • 18. 14/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Changing the expiration date The default is to create keys which expire in two years. OpenPGP allows to prolong the expiration date. To set the expiration to 2 years from now: $ gpg --quick-set-expire FINGERPRINT -
  • 19. 15/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Adding a subkey Subkeys are very useful for key management. Adding more subkeys is easy: $ gpg --quick-add-key FINGERPRINT [ALGO [USAGE [EXPIRE]]]
  • 20. 16/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Adding/Revoking a user id Got a new mail address? $ gpg --quick-add-uid FINGERPRINT NEW_USER_ID Lost that address? $ gpg --quick-revoke-uid FINGERPRINT USER_ID Tell others which user id to see: $ gpg --quick-set-primary-uid FINGERPRINT USER_ID
  • 21. 17/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Key signing Key signing party: $ gpg --quick-sign-key FINGERPRINT [NAMES] Mark a key locally as veried: $ gpg --quick-lsign-key FINGERPRINT [NAMES]
  • 22. 18/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Encryption w/o a keyring Instead of importing a key and using its ngerprint, the -f option can be used: $ gpg -f FILE_WITH_KEY -e DATA The new export lters can be used to create a key le.
  • 23. 19/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Outline Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up
  • 24. 20/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Key discovery Keyservers can't map an address to a key. Only the mail provider can do that. Mail addresses are not under the user's authority like their keys are. Mail provider provides the key (web key directory). Keyservers are decentralized; this is a Good Thing—. Verifying keyservers harm the PGP ecosystem. They need to be under a single authority. The return of the X.500 dilemma.
  • 25. 20/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Key discovery Keyservers can't map an address to a key. Only the mail provider can do that. Mail addresses are not under the user's authority like their keys are. Mail provider provides the key (web key directory). Keyservers are decentralized; this is a Good Thing—. Verifying keyservers harm the PGP ecosystem. They need to be under a single authority. The return of the X.500 dilemma.
  • 26. 21/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Key Validation The Web-of-Trust is a geek's instrument. Hard to explain. Global social graph. It does not scale. The Trust On First Use (TOFU) paradigm is better. Easy to explain. Local. Keeps the PGP properties.
  • 27. 21/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Key Validation The Web-of-Trust is a geek's instrument. Hard to explain. Global social graph. It does not scale. The Trust On First Use (TOFU) paradigm is better. Easy to explain. Local. Keeps the PGP properties.
  • 28. 22/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Outline Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up
  • 29. 23/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up The two interfaces human This is plainly for human comsumption Translated. Uses the native charset Strings may change with each release Never use it for scripting!
  • 30. 24/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up The two interfaces machine This is mainly for scripting Fixed strings Always UTF-8 Only compatible changes since 1.0 Enable this interface using --batch --with-colons --status-fd=2 When using the interactor (--command-fd) leave out --batch. awk -F: is your friend. See doc/DETAILS for a full description.
  • 31. 25/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Import and export lter Remove funny signatures. My gpg.conf: import-filter drop-sig= sig_created_d=2015-12-24 import-filter drop-sig=|| sig_created_d=2016-03-16 Show keys in a le $ gpg --import-options show-only --import FILE Export only the userids with a given mail address $ gpg -a --export-options=export-minimal --export-filter keep-uid=mbox=wk@gnupg.org --export FINGERPRINT
  • 32. 26/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Ssh-agent It is more than 10 years old: $ ssh-add transfers existing keys into GnuPG's key store and makes them permanent. Works nicely with smartcards Use a subkey for ssh ssh-add still works You can't live without it.
  • 33. 26/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Ssh-agent It is more than 10 years old: $ ssh-add transfers existing keys into GnuPG's key store and makes them permanent. Works nicely with smartcards Use a subkey for ssh ssh-add still works You can't live without it.
  • 34. 27/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up Outline Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up
  • 35. 28/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up GnuPG 2.2 Modern algos Better scriptability Auto key discovery when a mail address is given. We need to talk to providers. Take care: Debian has 2.1.18 plus some changes. Ubuntu has a partly broken 2.1.11 Thanks for listening. Questions? Slides are © 2017 GnuPG e.V., CC BY-SA 4.0. https://gnupg.org/ftp/blurbs/kernel-recipes-2017-modern-key-management.pdf
  • 36. 28/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up GnuPG 2.2 Modern algos Better scriptability Auto key discovery when a mail address is given. We need to talk to providers. Take care: Debian has 2.1.18 plus some changes. Ubuntu has a partly broken 2.1.11 Thanks for listening. Questions? Slides are © 2017 GnuPG e.V., CC BY-SA 4.0. https://gnupg.org/ftp/blurbs/kernel-recipes-2017-modern-key-management.pdf
  • 37. 28/28 Where we are Modern algos The Quick commands Keyservers and such Hints on integrating gpg Wrapping Up GnuPG 2.2 Modern algos Better scriptability Auto key discovery when a mail address is given. We need to talk to providers. Take care: Debian has 2.1.18 plus some changes. Ubuntu has a partly broken 2.1.11 Thanks for listening. Questions? Slides are © 2017 GnuPG e.V., CC BY-SA 4.0. https://gnupg.org/ftp/blurbs/kernel-recipes-2017-modern-key-management.pdf