
Security

A Linux Virtual U2F Device

Using UHID, it's possible to emulate a U2F HID device entirely in userland. It would be great if such a device existed and used PGP keys to guard the individual secret keys, à la the key-wrapping game played by Yubico (https://www.yubico.com/2014/11/yubicos-u2f-key-wrapping/).

GnuPG Agent Assuan Proxy

The GnuPG gpg-agent currently has a rather janky notion of an extra socket which is less privileged than the main socket. Instead, an Assuan proxy could attenuate the privilege of the main socket in ways the agent itself does not offer, for example by requiring explicit confirmation of keys used through the lower-privileged proxy.
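
A sketch of the policy core such a proxy could use, as an added example (not code from this page or from GnuPG): a default-deny filter over client command lines that asks for confirmation before every private-key operation. The command names are gpg-agent's; `ProxySession`, `decide` and the `confirm` callback are hypothetical names, and the socket forwarding itself is left out.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# Forwarded unchanged: session plumbing, read-only queries, inquiry data lines.
PASSTHROUGH = {"NOP", "BYE", "RESET", "OPTION", "GETINFO", "HAVEKEY", "KEYINFO",
               "READKEY", "SETHASH", "SETKEYDESC", "D", "END", "CANCEL"}
# Commands that select the key for the next private-key operation.
SELECT_KEY = {"SIGKEY", "SETKEY"}
# Private-key operations that need explicit confirmation on every use.
CONFIRMED = {"PKSIGN": "sign", "PKDECRYPT": "decrypt"}
HEX = set("0123456789ABCDEF")


@dataclass
class ProxySession:
    """Per-connection state for the hypothetical lower-privileged proxy socket."""
    confirm: Callable[[str, str], bool]  # (keygrip, operation) -> approved?
    keygrip: Optional[str] = None        # key selected by SIGKEY/SETKEY

    def decide(self, line: str) -> Tuple[str, str]:
        """Return ("forward" | "deny", reason) for one client line."""
        parts = line.strip().split(None, 1)
        if not parts:
            return "deny", "empty line"
        cmd = parts[0].upper()
        arg = parts[1] if len(parts) > 1 else ""
        if cmd in PASSTHROUGH:
            if cmd == "RESET":
                self.keygrip = None  # forget the selection with the session state
            return "forward", "passthrough"
        if cmd in SELECT_KEY:
            grip = arg.strip().upper()
            if len(grip) != 40 or not set(grip) <= HEX:
                return "deny", "malformed keygrip"
            self.keygrip = grip
            return "forward", "key selected"
        if cmd in CONFIRMED:
            if self.keygrip is None:
                return "deny", "no key selected"
            if self.confirm(self.keygrip, CONFIRMED[cmd]):
                return "forward", "confirmed by user"
            return "deny", "user declined"
        # Everything else (GENKEY, EXPORT_KEY, PASSWD, KILLAGENT, ...) fails closed.
        return "deny", "command not on allowlist"
```

The proxy tracks the selected keygrip itself so the confirmation prompt can name the exact key, and it never caches an approval between operations.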