This project forked from nyarly/simplekey
Easy GnuPG, shell scripts to make GnuPG more accessible and easier to use. (Migrated to: https://gitlab.com/EasyGnuPG/egpg)
License: GNU General Public License v3.0
The output of the following line has changed across gnupg 2.1 and gnupg 2.2
Line 69 in 64859be
This now(gnupg 2.2) lists the fingerprint of the sub key also which causes problem in the name of revocation certificate and others.
Refer EasyGnuPG/pgpg#9
Try using Docker, similar to what letsencrypt does, to make sure that it is really platform independent (no worries anymore wether you run it on centos or ubuntu, etc.) This can also allow using the latest version og gpg2 (for example by compiling it from the code).
However I am not sure whether it is going to work well. For example pinentry may be a challange.
Read these books/guides:
You will need these skills to read and understand the existing code of egpg.
Some url links on the new website refer to the old project or old website:
They need to be updated.
I feel your wiki has a typo (but perhaps this is still a work in progress, not sure, so just wanted to mention it); you have written:
Try first: egpg key gen
or: egpg key fetch
user@laptop:~$ egpg key-gen [email protected] "Test User"
'key-gen' doesn't work. i'll post more i come across.
Note: the key generation(+ fetch, recover etc.) commands are offered at first usage when key is not found and not here. As currently using only one key as per egpg's current structure.
We may need to include other commands here if we use multiple keys in future.
They work for the root user but fail for the developer user.
I have localized the problem to this error:
$ gpg --list-secret-keys
gpg: can't connect to the agent: IPC connect call failed
When it is called with sudo it works:
$ sudo gpg --list-secret-keys
gpg: WARNING: unsafe ownership on homedir '/home/developer/.gnupg'
/home/developer/.gnupg/pubring.kbx
----------------------------------
sec rsa4096/18D1DA4D9E7A4FD0 2016-05-14 [SC] [expires: 2026-07-27]
A9446F790F9BE7C9D108FC6718D1DA4D9E7A4FD0
uid [ultimate] Test 1 <[email protected]>
ssb rsa4096/12A2B2669B636DD4 2016-05-14 [E] [expires: 2026-07-27]
Describe how the application should look and work, using also
mockup interfaces created with Pencil: https://pencil.evolus.vn/
Continue working on this: https://github.com/EasyGnuPG/egpg/blob/gnupg-2.2/docs/gui-description.md
These test fail on bionic container (branch gnupg2.2)
refer EasyGnuPG/pgpg#9
t51
not ok 8 - egpg contact ls -c
#
# [[ $(egpg contact ls -c | grep fpr) == "fpr:::::::::A9446F790F9BE7C9D108FC6718D1DA4D9E7A4FD0:" ]] &&
# [[ $(egpg contact ls --colons | grep fpr) == "fpr:::::::::A9446F790F9BE7C9D108FC6718D1DA4D9E7A4FD0:" ]]
#
I think that the best option is YAD:
If some interface cannot be constructed with yad, we can use GTK+Python directly:
Scripting:
Autotesting:
settings for gui
If contact does not exist, search for it online.
Is it possible to create a simple GUI on top of egpg, like this one: https://github.com/guelfoweb/easygpg ?
GPG gets the expiration time as an interval of time from now. If you want to set the expiration time by date (for example to coincide with your birthday), you have to calculate manually the number of days. This is not very user-friendly (let the computer do the calculation).
Try to write some external commands (scripts) that automate some best practices or common tasks that are recommended on the most popular GPG tutorials:
It should be adapted to work well with GnuPG-2.2
It should be useful to study the latest changes on GnuPG-2.2 (compared to GnuPG-2.1), and the latest version of the GnuPG docs, in order to check that maybe some of the things that EasyGnuPG tries to simplify are already simplified by GnuPG itself. This would make the code of EasyGnuPG lighter, less tricky, etc.
On cmd_init we set the configuration of gpg-agent to pinentry-program /usr/bin/pinentry-tty. Maybe the initialization for the GUI case should be a bit different (for example if we run egpg gui init instead of egpg init).
In this case the package pinentry-gtk2 or pinentry-gnome3 becomes a dependency.
Or maybe we can add the configuration of pinentry on Setting, so that the user can choose which one to use.
Put the scripts or source files under the directory deb/ or something like this.
Include a README.md file with instruction on how to build the DEB package and how to install it (I guess it is just dpkg -i egpg-2.1-0.deb).
If we publish these deb files (egpg-2.1-0.deb and egpg-2.0-0.deb), for example at releases, or at the website of the project, probably we also need to sign them. Some instructions on signing and verifying them could be useful.
On the file config.sh we need to save a label as well. This is useful for the GUI case but also for the command line. The purpose of this label is to help the user distinguish clearly and easily one key from another (in a scenario when he may need to use more than one key). For example he may use one key for communicating with work colleagues, another one for communicating with friends, and a third one for communicating with family members. Each of these keys lives in a different context (homedir). Normally the user should be able to distinguish them from each-other by the key id (or fingerprint). However this is more difficult and error prone than distinguishing them by a simple and user friendly label.
Maybe we should also allow the user to switch easily the context of egpg from the GUI.
the test fails probably because the sample test key in the directory has expired and cannot be imported
(This even fails on gnupg2.1 branch on testing on local computer)
egpg-bionic root@egpg-bionic:/host/egpg/tests/trash directory.t03-init
==> # egpg key fetch
gpg: WARNING: unsafe permissions on homedir '/host/egpg/tests/trash directory.t03-init/.gnupg'
debug: /usr/bin/gpg2 --quiet --status-fd=2 --homedir=/host/egpg/tests/trash directory.t03-init/.egpg/.gnupg --list-secret-keys --with-colons
Importing key from: /host/egpg/tests/trash directory.t03-init/.gnupg
debug: /usr/bin/gpg2 --quiet --status-fd=2 --homedir=/host/egpg/tests/trash directory.t03-init/.gnupg --list-secret-keys --with-colons
gpg: WARNING: unsafe permissions on homedir '/host/egpg/tests/trash directory.t03-init/.gnupg'
[GNUPG:] KEYEXPIRED 1465906006
debug: /usr/bin/gpg2 --quiet --status-fd=2 --homedir=/host/egpg/tests/trash directory.t03-init/.gnupg --list-keys --with-colons 18D1DA4D9E7A4FD0
gpg: WARNING: unsafe permissions on homedir '/host/egpg/tests/trash directory.t03-init/.gnupg'
[GNUPG:] KEYEXPIRED 1465906006
[GNUPG:] KEY_CONSIDERED A9446F790F9BE7C9D108FC6718D1DA4D9E7A4FD0 0
No valid key found.
Create a python script called gpg-sign.py which takes as arguments the key and the file to be signed and signs it using GPGME functions, in a similar way to this command:
Then replace the command above with a call to the script gpg-sign.py.
'egpg key delete' does not ask for confirmation now, It also deletes $GPG_KEY by default if parameter($1) is empty, it would be better if we ask for a confirmation.
There is a still following notice on the readme of gnupg-2.2 branch that is not relevant after transfer
Note: This repository has been moved to: https://github.com/EasyGnuPG/egpg
Just a request to essentially use ~/.config/egpg rather than ~/.egpg by default. GPG is obviously unlikely to switch for backwards compatibility, but egpg is a new tool, so would be nice to not clutter the user's HOME.
[ -n "$XDG_CONFIG_HOME" ] || XDG_CONFIG_HOME="$HOME/.config"
EGPG_DIR=$XDG_CONFIG_HOME/egpg
https://specifications.freedesktop.org/basedir-spec/basedir-spec-0.6.html
Try to integrate with other applications, for example with one or more file managers, one or more mail clients, LibreOffice, etc.
This is an open task. It can be a topic for other GSoC projects.
This can help with solving and installing dependencies automatically, etc.
Find out how to configure mutt, alpine, gnus, etc. for working with egpg.
Add some instructions about them in the wiki: https://github.com/dashohoxha/egpg/wiki
use proper parents for all gui windows/messages so that child gets killed automatically if the parent is closed
Some coarse implementation tasks:
Centos 7.2.x
Init produces:
~]# egpg init
Cannot find command file: /usr/lib/egpg/cmd/init.sh
Seems like a typo somewhere adding an extra '' in there.
when running key gen, it asks for passphrase, accepts it, creates the key, and then pinentry appears asking for your key to unlock the secret key, but hangs there and doesn't accept any input.
again, centos 7 with stock gpg and associated tools / deps installed.
There should be support for various other shells the user may use such as fish, zsh etc.
The shell can be identify via getent passwd $LOGNAME | cut -d: -f7 and per shell config can be appended to the respective rc file.
GUIdescription.md after the basic GUI is complete.Is it possible to exchange keys privately with your friends, using SafeSlinger or a method similar to it? This is sharing keys safely with your friends, without sending them to the keyserver network.
See also this: SafeSlingerProject/SafeSlinger-Android#143
If I press Ctrl+C (SIGINT) at the password prompt of gpg under egpg seal, a .sealed file is created which is empty as well as the original file is deleted.
Though pressing Ctrl+D works fine.
Similar is the case with egpg sign
Terminal doesn't seem to work properly after this.
In case of no key found egpg displays
No valid key found.
Try first: egpg key gen
or: egpg key fetch
or: egpg key restore
or: egpg key recover
The gui should offer the support of the parallel commands for key generation
Use Secret Sharing to make private key management easier and more reliable. This would envolve storing a partial key on the local PC/laptop where the work (sign/decrypt) is normally done, and storing a second partial on a portable media (usb). So, without the dongle (usb) the key cannot be used. But the dongle alone is not sufficient for using the key (for example if it used in a different PC/laptop).
To protect against key loss (for example when the dongle or the laptop is lost), we also generate a third partial key and store it in a backup media. This backup media can be a usb device locked in a safe. However it is also Ok to store it in the cloud (for example I am using Google Drive to store my data). We can also store the third partial in two different backup media (for example both on usb and on cloud).
In terms of egpg commands and options it could be decsribed like this:
When generating a new key use the option --split like this: egpg key gen --split
Without the option --split the command will have the normal behaviour of just generating a new key pair. With --split it will require a dongle to be present, otherwise it will fail. After generating the key pair, it will split the private key into 3 shares, will save one partial key locally (on the keyring), one on the dongle, and one on private-key-backup.tgz, and then will erase the private key. It is the responsibility of the user to store private-key-backup.tgz on a proper backup device (cloud, usb or whatever).
When an operation that needs the private key is requested (either sign or decrypt), if only a partial key is available (not the whole private key), then the presence of the dongle will be required. Then the partial key of the dongle will be combined with the local partial key in order to reconstruct the private key, the private key will be used to complete the operation, then the private key will be erased.
Assuming that the dongle or the laptop has been lost (one of the partial keys has been lost), we should be able to recover the private key like this: egpg key recover --backup-file=private-key-backup.tgz
This will get the partial key from private-key-backup.tgz, will get another partial key from the dongle or from the local key ring, will reconstruct the private key, will generate three other partial keys, will save one of them on the local key ring (replacing the old partial, if it is there), will store the second one on the dongle (replacing the old partial if it is there), will store the third partial on the file private-key-new-backup.tgz (and will delete private-key-backup.tgz), and finally will erase the private key. Then, it is the responsibility of the user to store the file private-key-new-backup.tgz on the backup device (cloud or usb).
The user can have an option (command) to convert an existing solid key to a split key. It will save a partial key on the dongle, a partial key on the key-ring, and a third partial on a backup file. Then erase the solid private key from the key-ring. The reverse should also be possible: converting a split key into a solid key.
Tools that can be used for key spliting:
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.