Re: [Health-dev] Build encryption example into live-CD?
From: Axel Braun
Subject: Re: [Health-dev] Build encryption example into live-CD?
Date: Fri, 21 Nov 2014 10:40:40 +0100
Hi Luis,
[...]
> > This requires the creation of a GnuPG set of keys, and shipping of
> > the secret key in the Live-CD.
> >
> > So far no problem, but I don't have a clear opinion if it is a good
> > idea to ship a secret key with password. Both are required, no doubt,
> > and I would clearly mark this key as 'demo'. Is there a potential for
> > abuse?
>
> The GNU PG key pair is at the client side, so we should be OK for
> signing / validating documents.
..on the live-CD, client and server run in the same environment :-)
> So, we shouldn't need to ship / generate key pairs for GnuPG. What I
> would do is to make sure that GPG and its related Python library .
No problem.
> For the 2.8 version (Tryton 3.4), the gnuhealth installation program
> calls the "serverpass" script, that tightens security using cracklib and
> encrypts the master server password.
Yes, but that's for the server password and does not help an inexperienced user
to generate a pair of PGP keys and make use of it in the Demo-DB.
If you have done it before, PGP key generation is a piece of cake, but don't forget -
you are a developer. If you are new to the encryption stuff it sounds more like
'OMG, what's that about?', and has some potential to fail.
Even for pros (little note: Germany's HASPA, a bank in the northern part, was
proud to introduce PGP encryption to end customers...until someone made them
aware that all their keys are invalid - missing self-signature).
But back to the original question....obstacles against a demo-key?
Cheers/Axel