pgpcontrol/README.sequoia.md
2024-12-21 15:41:14 +01:00


**Experimental** support for [Sequoia PGP](https://sequoia-pgp.org/) in the authentication of Usenet control messages.

Usage in production is not recommended, especially for verification.
Code reviews, comments and feedback from hierarchy admins and news server admins
are welcome.

Developed with `sequoia-sq` 1.0.0 installed with `cargo` on Debian "trixie".

If you are new to the Sequoia PGP command line, please see the [user guide](https://sequoia-pgp.gitlab.io/user-documentation/about_sequoia.html)
and the [manpages](https://sequoia-pgp.gitlab.io/sequoia-sq/man/sq.1.html).

# Using Sequoia for signing

Import (`sq key import`) your secret signing key into the Sequoia keystore.
Old PGP 2.x keys are not supported; if you still use such a key, please upgrade to
a modern key.

Then, edit `signcontrol` as follows:

```
my $pgpsigner = 'INSERT_YOUR_FINGERPRINT_OR_USERID';
# Path to sequoia-sq executable.
# A version that supports CLI 1.0.0 is required
# The program name needs to end in sq
my $pgp = "/usr/local/bin/sq";
# set other configuration variables as usual
```

# Using Sequoia for verification

Import (`sq cert import`), verify and trust (`sq pki link add`) the hierarchy admins'
public signing keys in the Sequoia certificate store (see [PGPKEYS](https://ftp.isc.org/pub/pgpcontrol/PGPKEYS)
on the ISC FTP site).

Please note that many hierarchy admins still use old PGP 2.x keys. These keys
have been deprecated since 2007 (RFC 4880) and are not supported by Sequoia or
other modern OpenPGP implementations. We urge hierarchy administrators to update
their signing keys.

Then, edit `pgpverify` as follows:

```
# Path to sequoia binary.
# A version that supports CLI 1.0.0 is required
$sq = '/usr/local/bin/sq';
# Set this if you want to support old signatures with
# MD5 or SHA-1 digest algorithms and/or RSA < 2048 bits
# See the `sq config inspect policy' command and the
# `--policy-as-of' flag in the sq manpage
# Please note that sequoia DOES NOT support old PGP 2.x
# keys.
# $sq_policy_as_of = '19970101';
# Comment out the $gpg, $gpgv and $pgp lines
# Set the absolute path to your sequoia home directory
# (see the --home flag in sq manpage)
$keyring = '/path/to/your/sq/home';
# set other configuration variables as usual
```
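
The import, verify and trust step above can be scripted so that a key is only ever linked by a full fingerprint obtained separately from the key file. This is an added example, not part of pgpcontrol: the function names and the `SQ`, `SQ_HOME` and `DRY_RUN` variables are assumptions of the sketch. The `--cert` and `--all` options of `sq pki link add` are used as understood from the sq 1.0 manpage and should be checked against the installed version.

```shell
#!/bin/sh
# Added example, not part of pgpcontrol. SQ, SQ_HOME, DRY_RUN and the
# function names are assumptions made for this sketch.
SQ=${SQ:-/usr/local/bin/sq}
SQ_HOME=${SQ_HOME:-/path/to/your/sq/home}   # same directory as $keyring in pgpverify

# Accept only a full fingerprint (40 hex digits for v4, 64 for v6).
# Spaces are stripped and case is folded. Key IDs and user IDs are
# rejected because they do not identify the key material unambiguously.
normalize_fpr() {
    fpr=$(printf '%s' "$1" | tr -d ' \t' | tr 'abcdef' 'ABCDEF')
    case $fpr in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    case ${#fpr} in
        40|64) printf '%s\n' "$fpr" ;;
        *) return 1 ;;
    esac
}

# Run sq against the dedicated home, or only print the command when DRY_RUN=1.
run_sq() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$SQ --home $SQ_HOME $*"
    else
        "$SQ" --home "$SQ_HOME" "$@"
    fi
}

# $1: certificate file extracted from PGPKEYS
# $2: fingerprint obtained separately from the hierarchy admin
trust_hierarchy_key() {
    fpr=$(normalize_fpr "$2") || {
        echo "refusing to link: '$2' is not a full fingerprint" >&2
        return 1
    }
    run_sq cert import "$1" || return 1
    # The link names the fingerprint, not the file: a substituted key
    # in $1 does not become trusted by this step.
    run_sq pki link add --cert "$fpr" --all
}
```

Run it once with `DRY_RUN=1` to review the exact `sq` invocations before touching the certificate store.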