Commit graph

  • e4f6e9c59d
    Merge bc9a7a8954 into ece9752967 Matt Borja 2025-05-23 11:48:19 +08:00
  • bc9a7a8954
    Update verbiage for read flow (“obtained in advance”) Matt Borja 2025-05-23 02:49:49 +00:00
  • 7e3f6f7647
    Add missing closing parenthesis Matt Borja 2025-05-23 02:47:52 +00:00
  • 454cf8e0bf
    Include recommendation for sourcing offline copy of gpg.conf to avert needing an Internet connection in post Matt Borja 2025-05-23 02:47:09 +00:00
  • fbc9d4f517
    - Use dedicated section headings for Abstract and Disclaimer - Include MIT disclaimer and add copyright - Clarify use of tightly coupled process intended for offline package installation (bootable images already presumed to be verified through via external documentation) - Specify appropriate use of secure imaging host (imaging purposes only) - Provide link to Tails installation guide - Cleanup verbiage throughout using more direct procedural language - Rearrange paragraphs as needed to address disparities in logical flow of procedures, as in C/CD Considerations - Clarify hardware requirements for devices elected for air-gap use (e.g. SD card) - Reiterate verification requirements for Alpine Linux, citing both official sources and additional evidence sources - Add callout (3b) to fetch additional packages required for offlnie work in the air-gapped environment and thus rename gpg-bundle-* to airgap-bundle-* - Add explicit step to visually inspect and note SHA256 checksum of air-gap bundle before continuing (required for later verification) - Parameterize device paths when referencing use of removable storage medium - Note alternate use of repeating section 1.2.1 over current SD card (used for offline package retrieval) - Cleanup additional post-installation setup tasks introduced elsewhere in, else considered outside the scope of this document - Demonstrate use of && for requiring SHA256 to be valid before allowing air-gap bundle to be extracted and installed - Include sample command for listing key certifications during GPG environment verification (--list-sigs) Matt Borja 2025-05-19 17:43:14 +00:00
  • 67e63f5e40
    Cleanup Stage 1 introductory paragraph and rearrange "clean plate" analogy for logical flow Matt Borja 2025-05-19 07:46:47 +00:00
  • 8536df9cfc
    Rework Purpose section as Abstract and cleanup Matt Borja 2025-05-19 07:37:10 +00:00
  • dc2221e7de
    Add notes for restarting gpg-agent if connection to HSM is lost between $GNUPGHOME directories Matt Borja 2025-05-19 02:29:37 +00:00
  • 0d709dd9ba
    Update instructions for installing offline packages from removable storage after booting into the secure environment Matt Borja 2025-05-19 02:24:13 +00:00
  • bd96779276
    Cleanup remaining extraneous sections - 1.3 Building the Secure Environment Matt Borja 2025-05-19 02:18:47 +00:00
  • 8f31080af9
    Merge branch 'guide-secenv' into guide-secure-environment to sign last commit with current key only recognized by GitHub due to email field. Matt Borja 2025-05-19 02:09:11 +00:00
  • 1a7bc2ccf6
    Rework section introductory paragraphs for readability Begin reworking user stories as more procedural for brevity and procedural specificity (clarity) - Establishing a Secure Image Host - Use Tails OS as an Intermediary - Use the target OS to download packages - Acquire the target image - Boot the target image and download OS packages Matt Borja 2025-05-19 02:08:14 +00:00
  • acdbd14f8d
    Rework section introductory paragraphs for readability Matt Borja 2025-05-19 01:58:01 +00:00
  • 3cc423037b
    Fix minor spelling/grammar issues Matt Borja 2025-05-14 08:11:40 +00:00
  • ae6cac57f1
    Update headings: - Fix heading level for Stage 3 - Assign sub-headings Matt Borja 2025-05-14 08:04:29 +00:00
  • c0690e1c4c
    Import and cleanup notes for distribution Matt Borja 2025-05-14 07:51:20 +00:00
  • ece9752967
    Merge pull request #501 from drduh/wip-09may25 master drduh 2025-05-11 23:56:11 +00:00
  • 7473d2e0d8 reuse key list for id/fp drduh 2025-05-10 17:59:19 -07:00
  • 04dbdf35c3 label each step drduh 2025-05-10 17:47:40 -07:00
  • d66ac5381f delint and print id strings drduh 2025-05-10 17:25:26 -07:00
  • f48c9fa3ee finish by printing certify and encrypt passphrases drduh 2025-05-10 17:08:04 -07:00
  • e457f04982 set passphrases function drduh 2025-05-10 16:57:30 -07:00
  • 1064d2e742 print configured id/key attributes drduh 2025-05-10 16:45:23 -07:00
  • 4fe4b8c157 temp dir and label functions drduh 2025-05-10 16:40:00 -07:00
  • cbd39ffbb0 save mats functions drduh 2025-05-10 16:31:51 -07:00
  • 1ab20d5fea gen key functions drduh 2025-05-10 16:27:14 -07:00
  • f2c4ca3e68 get pass function drduh 2025-05-10 16:21:48 -07:00
  • 4624d096a8 script generate commands drduh 2025-05-09 17:01:19 -07:00
  • a7b9a972c5
    Merge pull request #497 from mattborja/readme-gpgsign drduh 2025-05-06 23:55:03 +00:00
  • 0c30e143bf
    Update instructions for commit signing Matt Borja 2025-05-05 04:31:46 +00:00
  • b822d411aa
    Merge pull request #493 from drduh/wip-24apr25 drduh 2025-04-27 23:45:17 +00:00
  • a42d48cf68 a few more formatting fixes drduh 2025-04-24 20:07:41 -07:00
  • d7bb1a39e0 mention how to wrap double quotes to fix #492 drduh 2025-04-24 19:47:29 -07:00
  • 97cd88bf3f more grammar and alignment formatting drduh 2025-04-24 19:39:29 -07:00
  • dc9a0eb903 tidy formatting, align table drduh 2025-04-24 19:21:56 -07:00
  • 6552e8946d options to modify passphrase length, group size and delimiter drduh 2025-04-24 19:07:21 -07:00
  • 3912fc0f20
    Merge pull request #490 from drduh/wip-20apr25 drduh 2025-04-22 00:30:37 +00:00
  • 7d83cf9f13 update config refs drduh 2025-04-20 13:08:55 -07:00
  • 08cb724eab update nix readme reference to fix #486 drduh 2025-04-20 13:03:49 -07:00
  • 65f8efca51
    Merge pull request #488 from drduh/wip-19apr25 drduh 2025-04-20 19:00:25 +00:00
  • a2dd896d5c login card attr appears mandatory, fix #461 drduh 2025-04-19 09:16:03 -07:00
  • f92fdd5a2e include windows gpg-agent option to fix #455 drduh 2025-04-19 09:09:57 -07:00
  • 8c4d80d4af
    Merge pull request #485 from drduh/wip-13apr25 drduh 2025-04-15 03:01:42 +00:00
  • f22d1c7e78 update and prefer explicit expiration dates drduh 2025-04-13 16:42:40 -07:00
  • 4f1dc6239f collapse additional uids details drduh 2025-04-13 16:37:26 -07:00
  • 5bce454a4c
    Merge pull request #484 from drduh/wip-12apr25 drduh 2025-04-13 23:00:14 +00:00
  • f008766778 move revocation cert to footnotes drduh 2025-04-12 10:50:18 -07:00
  • 2cc0c10777 update gpg conf refs drduh 2025-04-12 10:31:37 -07:00
  • 5fb7799f21 include gpg configs drduh 2025-04-12 10:27:19 -07:00
  • d7428c1290 organize nixos files drduh 2025-04-12 10:22:46 -07:00
  • 82d6f2aca1 organize scripts drduh 2025-04-12 10:17:18 -07:00
  • 68201047a8 update template refs drduh 2025-04-12 10:11:58 -07:00
  • 2284a40092 organize passphrase templates drduh 2025-04-12 10:08:07 -07:00
  • 2d20dace7c explicit pubkeys instruction drduh 2025-04-12 10:07:10 -07:00
  • 370b170aee
    Merge pull request #478 from Kyshman/kysh-changes drduh 2025-04-12 17:02:04 +00:00
  • ab5d3b7fc8
    Merge pull request #483 from drduh/wip-10apr25 drduh 2025-04-12 17:00:08 +00:00
  • 16550af94c
    Remove reference to EOL tool - Yubikey-Managet-QT Kysh 2025-04-12 14:35:05 +03:00
  • acdcb192bb
    Merge branch 'drduh:master' into kysh-changes Kysh 2025-04-12 13:46:34 +03:00
  • d659595a97 copy of debian live image signing key drduh 2025-04-10 18:25:02 -07:00
  • b81df9c93c simplify debian image urls drduh 2025-04-10 18:13:22 -07:00
  • c341c08c95
    Merge pull request #482 from drduh/wip-07apr25 drduh 2025-04-09 00:53:00 +00:00
  • 0d3da84bc0 patch remaining tips drduh 2025-04-07 17:47:16 -07:00
  • a6aa556c28 format more markdown alerts drduh 2025-04-07 17:42:04 -07:00
  • 9c8f8697fa
    Merge pull request #481 from drduh/wip-06apr25 drduh 2025-04-07 00:01:06 +00:00
  • b5ab51d847 patch warning/cautions drduh 2025-04-06 14:53:26 -07:00
  • c91fe7a974 patch notes drduh 2025-04-06 14:50:46 -07:00
  • 71b4bf1061 use alerts markdown extension drduh 2025-04-06 14:45:35 -07:00
  • 0b018bf5ef
    Merge pull request #480 from drduh/wip-05apr25 drduh 2025-04-06 20:37:24 +00:00
  • 4d205381d5 add nist password strength footnote drduh 2025-04-05 13:56:21 -07:00
  • 25ab9ee323 rename to text file drduh 2025-04-05 13:37:07 -07:00
  • 2529454e11 passphrase csv format to html drduh 2025-04-05 13:27:19 -07:00
  • 7b2f4c96c9
    Merge pull request #479 from drduh/wip-03apr25 drduh 2025-04-05 01:00:14 +00:00
  • 8fadd47f37 refactor passphrase template html drduh 2025-04-03 18:38:26 -07:00
  • 9ff60ea8c5
    Update README.md Kysh 2025-03-30 19:51:37 +03:00
  • 466649f728
    Merge pull request #476 from drduh/wip-16mar25 drduh 2025-03-17 15:44:36 +00:00
  • 992d68d807 shorter temp dir names drduh 2025-03-16 14:15:22 -07:00
  • 6d84aae08d update config urls drduh 2025-03-16 14:07:20 -07:00
  • 3ab143b4c1
    Merge pull request #475 from dennisxtria/master drduh 2025-03-03 23:08:20 +00:00
  • bea464f75d
    Merge pull request #471 from meonkeys/patch-1 drduh 2025-03-03 23:06:54 +00:00
  • 5d98fdeaba
    chore(README): removed double quotes in exporting GPG_TTY env variable Dennis Triantafyllis 2025-02-27 19:39:12 +02:00
  • 30054aadab
    Update README.md for Arch package installation Kysh 2025-02-19 22:31:25 +03:00
  • fcd28fe97b
    Update README.md section SSH for MacPorts Kysh 2025-02-08 00:46:42 +03:00
  • 9c23d5933d
    Update README.md added macOS with MacPorts to usage section Kysh 2025-02-08 00:26:24 +03:00
  • 807b972302
    Update README.md to include setup via MacPorts for macOS Kysh 2025-02-07 22:30:25 +03:00
  • 24c91cd532 fix sed in generate passphrase Angelos Stylianidis 2025-01-13 00:39:39 +02:00
  • 6c77d5dbe6
    ensure newline is expanded Adam Monsen 2025-01-12 06:43:45 -08:00
  • 219423db05
    Merge pull request #468 from jmzagorski/docs/wsl-usbipd-win-lib drduh 2025-01-01 20:09:41 +00:00
  • dd563fbea1
    Merge ebbc31c4d4 into 166f838a43 Jason N. White 2024-12-31 12:55:17 -06:00
  • ebbc31c4d4
    Update LICENSE, fix license year JasonnnW3000 2024-12-31 13:55:08 -05:00
  • 66ceba96bd
    docs(wsl): Add usbipd in WSL setup Jeremy 2024-12-21 10:41:56 -05:00
  • 166f838a43
    Merge pull request #464 from forbytten/add_uids_issue_445 drduh 2024-12-09 00:13:47 +00:00
  • 60748330ed
    Merge pull request #467 from FlakM/patch-1 drduh 2024-12-09 00:12:48 +00:00
  • 4091e2869c
    Update README.md typo Maciej Flak 2024-12-03 13:43:32 +01:00
  • 7d0826166f Fixed formatting to conform to existing conventions forbytten 2024-11-21 08:10:18 +00:00
  • 33f572768b Addresses [Missing section for adding uids](https://github.com/drduh/YubiKey-Guide/issues/445) forbytten 2024-11-21 05:21:59 +00:00
  • dea24f4fa0
    Merge pull request #463 from forbytten/gpg_passphrase_fd_0 drduh 2024-11-03 18:21:56 +00:00
  • 9054f8fcbf
    Merge pull request #462 from xty/patch-1 drduh 2024-10-31 19:31:48 +00:00
  • 32e58e122f Passphrase now passed to gpg from stdin via the --passphrase-fd 0 option instead of via the --passphrase option. The latter exposes the passphrase to observation by other processes on the system and the gpg man page includes a disclaimer for it: Don't use this option if you can avoid it. Although the README recommends a single user, ephemeral Debian Live environment, users may choose to ignore that recommendation so it seems best to protect them from themselves where possible. forbytten 2024-10-26 02:51:35 +00:00
  • 1c24f9c443
    Fix grammar mistake in passage about polkit rules XTY 2024-10-17 07:58:34 +08:00
  • e218607c1f
    Merge pull request #458 from drduh/18aug24 drduh 2024-08-18 19:00:22 +00:00