Opportunistic SSH agent
Classified in : Homepage, Debian, Command line, Lazyweb
To use an SSH agent, one usually has to:
- launch the agent;
- add his key to it.
The first step can be automated in the desktop or shell startup script (this is a typical use case for login shell-only startup scripts, by the way), but the second one cannot if your private key is protected by a passphrase.
PGP signatures with trust and verification level
Classified in : Homepage, Debian, To remember
Identity checks and trust
The OpenPGP web of trust is composed of keys linked to each other by two things:
- identity checks: signing a key means that you verified the link between a key with user IDs, an official identity document with a photograph, and a person with a face;
- trust: on your public key ring, you manually decide who you trust to correctly check other people's identity.
With these two pieces of information, GnuPG is able to determine whether or not the key of someone you never met can trusted to belong to its alleged owner.
Signatures
Signing a key is usually a binary action: either you sign it or you do not sign it. Thus your signature on a key will give other people a rough identity check information and no trust information at all.
In fact, the OpenPGP standard does allow to publish precise identity check and trust information on signatures, but unfortunately this is now enabled with GnuPG by default. These features are called certification level and trust signatures.