kryptco / kr

DEPRECATED A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.
https://krypt.co/developers/

Importing an existing PGP key with subkeys #173

Open tiferrei opened 6 years ago

tiferrei commented 6 years ago

As the title says, I'd like to be able to import a PGP key into my phone. Most smartcards support both creation and importing of private keys, so I don't see how this would be a security issue. I'd also like to know if it'd be possible to use PGP subkeys. I have a main key ID that never changes, and then subkeys that are delegated for each crypto operation. This way, if I need to change a key, it provides more credibility, as I only have to change a subkey and the primary key stays the same. I'd like to know if this is possible, and if not, if there are any security risks in supporting this.

Thank you, Tiago

tiferrei commented 6 years ago

PS: I currently use a YubiKey for this, and was looking forward to replacing it with my iPhone. But I'd like to keep the same keys due to the trust people already have in them.
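The primary-key/subkey split described above rests on one structural fact of OpenPGP (RFC 4880): a v4 fingerprint, and so the key ID everyone has in their keyrings, is a SHA-1 over the primary key packet alone, so subkeys can be rotated without it moving. The following is an added example, not code from kr or from anyone in this thread: a small packet walker that lists the primary fingerprint and each subkey's certified capabilities (the key-flags subpacket of its binding signature), run over two constructed certificates that differ only in their signing subkey. The RSA numbers are dummies, the binding signatures are placeholders that are not verified, and real certificates also carry User ID packets and self-signatures that this walker simply skips.

```python
"""Walk an OpenPGP (RFC 4880) certificate: primary key, subkeys, key flags.

Added example, not code from kr. The certificate bytes are constructed inline
with dummy RSA numbers; nothing here is real key material and the binding
signatures are placeholders that are NOT verified.
"""
import hashlib
import struct

TAG_SIGNATURE, TAG_PUBLIC_KEY, TAG_PUBLIC_SUBKEY = 2, 6, 14
SIG_SUBKEY_BINDING = 0x18      # RFC 4880 5.2.1
SUBPACKET_KEY_FLAGS = 27       # RFC 4880 5.2.3.21
KEY_FLAGS = {0x01: "certify", 0x02: "sign", 0x04: "encrypt-comms",
             0x08: "encrypt-storage", 0x20: "authenticate"}


def _mpi(n):
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def _packet(tag, body):
    """New-format packet header (RFC 4880 4.2.2); bodies here are < 192 octets."""
    assert len(body) < 192
    return bytes([0xC0 | tag, len(body)]) + body


def _key_body(created, modulus, e=65537):
    """v4 public key packet body: version, creation time, algo 1 (RSA), MPIs."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + _mpi(modulus) + _mpi(e)


def _binding_sig_body(flags):
    """v4 subkey-binding signature whose only hashed subpacket is key flags.
    The signature MPI is a dummy 1; a real one must verify before flags are trusted."""
    sub = bytes([2, SUBPACKET_KEY_FLAGS, flags])            # length, type, flags octet
    return (b"\x04" + bytes([SIG_SUBKEY_BINDING]) + b"\x01\x08"
            + struct.pack(">H", len(sub)) + sub              # hashed subpackets
            + struct.pack(">H", 0) + b"\x00\x00" + _mpi(1))  # unhashed, hash prefix, sig


def iter_packets(data):
    """Yield (tag, body) for old- and new-format headers (no partial bodies)."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("invalid packet header")
        i += 1
        if ctb & 0x40:                                      # new format
            tag, first = ctb & 0x3F, data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = struct.unpack(">I", data[i:i + 4])[0]
                i += 4
            else:
                raise ValueError("partial body length not supported")
        else:                                               # old format
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i:i + size], "big")
            i += size
        yield tag, data[i:i + length]
        i += length


def fingerprint(key_body):
    """v4 fingerprint: SHA-1 over 0x99, 2-octet length, key packet body (RFC 4880 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).hexdigest().upper()


def key_flags(sig_body):
    """Key-flags octet from a v4 signature's hashed subpackets, 0 if absent."""
    hashed_len = struct.unpack(">H", sig_body[4:6])[0]
    sub, i = sig_body[6:6 + hashed_len], 0
    while i < len(sub):
        first = sub[i]                                      # subpacket length, 5.2.3.1
        i += 1
        if first < 192:
            length = first
        elif first < 255:
            length = ((first - 192) << 8) + sub[i] + 192
            i += 1
        else:
            length = struct.unpack(">I", sub[i:i + 4])[0]
            i += 4
        if sub[i] & 0x7F == SUBPACKET_KEY_FLAGS:            # mask the critical bit
            return sub[i + 1]
        i += length
    return 0


def describe(cert):
    """Primary fingerprint/key ID plus (fingerprint, capabilities) per subkey."""
    primary, subkeys, current = None, [], None
    for tag, body in iter_packets(cert):
        if tag == TAG_PUBLIC_KEY:
            primary = fingerprint(body)
        elif tag == TAG_PUBLIC_SUBKEY:
            current = [fingerprint(body), []]
            subkeys.append(current)
        elif tag == TAG_SIGNATURE and current and body[1] == SIG_SUBKEY_BINDING:
            f = key_flags(body)
            current[1] = [name for bit, name in KEY_FLAGS.items() if f & bit]
    return {"fingerprint": primary, "keyid": primary[-16:],
            "subkeys": [tuple(s) for s in subkeys]}


# Constructed sample: one primary key, three subkeys (sign / encrypt / authenticate)
CREATED, PRIMARY_MODULUS = 1500000000, 0xC0FFEE0DDBA11


def build_cert(subkeys):
    out = _packet(TAG_PUBLIC_KEY, _key_body(CREATED, PRIMARY_MODULUS))
    for modulus, flags in subkeys:
        out += _packet(TAG_PUBLIC_SUBKEY, _key_body(CREATED, modulus))
        out += _packet(TAG_SIGNATURE, _binding_sig_body(flags))
    return out


CERT_BEFORE = build_cert([(0xA11CE0, 0x02), (0xE4C0DE, 0x0C), (0xA07411, 0x20)])
CERT_AFTER = build_cert([(0xB0B0B0, 0x02), (0xE4C0DE, 0x0C), (0xA07411, 0x20)])  # signing subkey rotated

if __name__ == "__main__":
    for name, cert in (("before", CERT_BEFORE), ("after", CERT_AFTER)):
        d = describe(cert)
        print(name, d["keyid"], [(f[-16:], caps) for f, caps in d["subkeys"]])
```

Running it prints the same primary key ID for both certificates while the first subkey's fingerprint changes, which is exactly why rotating a subkey costs no trust. The caveat for anyone consuming key flags this way: the walker reports what the certificate claims, not what is cryptographically bound. Before acting on a subkey's capabilities, the binding signature (and, for signing subkeys, the embedded primary-key back-signature) has to verify under the primary key, which is what gpg does and this example deliberately does not.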

kcking commented 6 years ago

We realize the convenience of being able to import a private key, but in order to import a key, that key material must travel through your computer and at that point could be compromised. We have chosen to support only the simplest and most-secure workflow for code signing for now (as most developers don't even have a PGP key).

Out of curiosity, what else are you using pgp keys for? We've seen some interesting use cases such as unix pass.

tiferrei commented 6 years ago

Hi, I use my PGP keys for the typical things like email encryption and file encryption, but also as SSH keys; I also use them to sign in to my Mac and as proof of identity with Keybase, and of course to sign git commits.

balupton commented 6 years ago

Out of curiosity, what else are you using pgp keys for? We've seen some interesting use cases such as unix pass.

For the past several years, the only thing I've ever needed a GPG key for was code signing, so Krypton has been a large relief for me.

However, for our latest work project, we have chosen to use https://github.com/StackExchange/blackbox - which is all GPG for this and that. So trying to figure out this GPG rabbit-hole now.

balupton commented 6 years ago

Ended up going with Keybase for GPG, as that seems to be their entire core strength.

Any idea how I can have Keybase say that my Krypton GPG key is verified?

agrinman commented 6 years ago

@balupton This is coming soon. You'll be able to sign arbitrary bytes with Krypton via a kr pgp-sign command. See here: https://github.com/kryptco/kr/pull/160. We pushed this back since we've been focusing on the Teams release, so we have to do a slight refactor + rebase to make this PR work.

For PGP encryption I'd recommend using your local gpg and just signing your encryption key with your Krypton key once the above PR is merged.

audibailey commented 6 years ago

I'm also looking to use Keybase with Krypton. How is this feature coming along?