gpg

Extending GPG Expiry

If you followed my last article on this subject, you have a GPG setup without the master private key on your computer. You also put an expiration date on that key. When your key expires, it can no longer be used to encrypt data for you. It can, however, still decrypt messages from prior to the expiry date. This does not help in the situation where your private key is compromised.

JetBrains and GPG

I encountered some issues running WebStorm and I think I finally solved them. This was an annoying bug that was a mix of WebStorm and OSX behavior that I didn’t ask for.

TODO: Pinentry Image

This is the prompt that you get on OSX running Pinentry. I was getting this randomly all throughout the day just running JetBrains products. That’s really annoying. You can see that WebStorm is trying to run git-upload-pack when I get the Pinentry prompt, and that is what triggered it.

GPG for SSH

I’m using the gpg-agent in place of the ssh-agent. I think this is a very interesting use because it eliminates the need for me to store my ssh key as a flat file:

    ssh-add -l
    4096 SHA256:rsOIZD3XP+Tvj+l5xrbRnxgvdg2qKL5agAxzPLT5rao (none) (RSA)
    2048 SHA256:U6ETCKbdPbvgPMSjePS0jrGR3yMdhF9NC6MUHItynJc /Users/admin/.ssh/splice-dcos.pem (RSA)
    ...

You can see here that the top key is one that is generated by GPG and not associated with any particular file. That being said, I still have to use SSH keys that are given to me for work.

Airgapped GPG

Airgapping GPG

Airgapped Media Format

I’ll save you the explanation of what GPG is. The first thing I needed was a USB stick that would be compatible with Arch and MacOS. This fight is always interesting and I would rank the better operating system as the one that can compromise on the filesystem. Naturally, insert the USB stick into the MacOS machine and format it as a Journaled HFS+ partition because we can install the driver on Arch.