Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prefer sequoia-sq for the option of OpenPGP implementation #849

Merged
merged 20 commits into from
Oct 20, 2024
Merged

Prefer sequoia-sq for the option of OpenPGP implementation #849

merged 20 commits into from
Oct 20, 2024
+49 −13

Conversation

kachick
Copy link
Owner

@kachick kachick commented Oct 16, 2024
edited
Loading

kachick
kachick commented Oct 16, 2024
View reviewed changes
home-manager/packages.nix
gnupg
edge-pkgs.sequoia-sq # Alt `gpg` - nixos-24.05 does not backport recent versions and the older requires to rebuild. https://github.com/NixOS/nixpkgs/pull/331099
Copy link
Owner Author

@kachick kachick Oct 16, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For context of replacing gpg, I need https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg.

Latest stable is NixOS/nixpkgs#349002, but I don't need to wait the binary cache. I guess I can implement settings with older version.

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated commit has been merged in 95cf173

@kachick kachick mentioned this pull request Oct 18, 2024
Merged
kachick added a commit that referenced this pull request Oct 18, 2024
@kachick
Switch back to ssh-agent from gpg-agent with setting $SSH_ASKPASS w…
2f3bec8 
…hich internally uses gpg (#852)

* Set $SSH_ASKPASS as same as $RCLONE_PASSWORD_COMMAND

* Switch back to ssh-agent from gpg-agent

This partially reverts GH-814
However ssh passphrase will be kept by the SSH_ASKPASS and gpg encrypted command

---

* Update how to realize #714 with partially reverting #814 with #817 direction
* Might be a preparation of GH-849

Since using gpg-agent, it does not remain and hard to handle SSH passphrase.
Instead of that, pass command internally uses gpg. It looks enough to me.
@kachick
Copy link
Owner Author

kachick commented Oct 18, 2024
edited
Loading

https://github.com/gopasspw/gopass or https://gitlab.com/timvisee/prs might be required to specify GPG path.

Because of pass in nixpkgs having many patches, overriding only gnupg is an annoy task.

https://github.com/NixOS/nixpkgs/blob/babe2c97edf3750d3924c1c5eaa1fe94ac94e8d8/pkgs/tools/security/pass/default.nix#L85
gopasspw/gopass#1116
https://github.com/gopasspw/gopass/blob/70c56f9102999661b54e28c28fa2d63fa5fc813b/docs/config.md?plain=1#L28
https://gitlab.com/timvisee/prs/-/issues/24

@kachick kachick changed the title Add sequoia-sq for an option of OpenPGP implementation Prefer sequoia-sq for the option of OpenPGP implementation Oct 18, 2024
kachick
kachick commented Oct 18, 2024
View reviewed changes
home-manager/pgp.nix
#
# If you faced to decrypt error with gpg-sq, check it with `sq decrypt`. It displays error details.
# For example, `1: AEAD Encrypted Data Packet v1 is not considered secure`
# This is caused by encrypted non configured gpg for the AEAD. Disable it with showpref/setpref if you still use gpg.
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This operation is cannot be done with gpg-sq, because of --edit-key is not yet implemented https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg/-/issues/92

@kachick kachick mentioned this pull request Oct 18, 2024
Merged
kachick
kachick commented Oct 20, 2024
View reviewed changes
home-manager/packages.nix Outdated Show resolved Hide resolved
@kachick kachick mentioned this pull request Oct 20, 2024
Merged
@kachick kachick marked this pull request as ready for review October 20, 2024 08:43
@kachick kachick merged commit fb008ef into main Oct 20, 2024
13 checks passed
@kachick kachick deleted the sq branch October 20, 2024 08:45
kachick
kachick commented Oct 20, 2024
View reviewed changes
home-manager/packages.nix

pass
# Alt `pass` for password-store. Candidates: gopass, prs
gopass # They will respect pass comaptibility: https://github.com/gopasspw/gopass/issues/1365#issuecomment-719655627
Copy link
Owner Author

@kachick kachick Oct 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And #853 (comment)

kachick added a commit that referenced this pull request Oct 20, 2024
@kachick
Ensure gopass respects GOPASS_GPG_BINARY in encloded package
e108001 
Follow GH-849
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Replace GnuPG with Sequoia-PGP to improve compatibility against OpenPGP RFC 9580
1 participant
@kachick