Skip to content

Prefer sequoia-sq for the option of OpenPGP implementation#849

Merged
kachick merged 20 commits intomainfrom
sq
Oct 20, 2024
Merged

Prefer sequoia-sq for the option of OpenPGP implementation#849
kachick merged 20 commits intomainfrom
sq

Conversation

@kachick
Copy link
Copy Markdown
Owner

@kachick kachick commented Oct 16, 2024
edited
Loading

kachick
kachick commented Oct 16, 2024
View reviewed changes
Comment thread home-manager/packages.nix

# GPG
gnupg
edge-pkgs.sequoia-sq # Alt `gpg` - nixos-24.05 does not backport recent versions and the older requires to rebuild. https://github.com/NixOS/nixpkgs/pull/331099
Copy link
Copy Markdown
Owner Author

@kachick kachick Oct 16, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For context of replacing gpg, I need https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg.

Latest stable is NixOS/nixpkgs#349002, but I don't need to wait the binary cache. I guess I can implement settings with older version.

Copy link
Copy Markdown
Owner Author

@kachick kachick Oct 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated commit has been merged in 95cf173

@kachick kachick mentioned this pull request Oct 18, 2024
Merged
kachick added a commit that referenced this pull request Oct 18, 2024
@kachick
Switch back to ssh-agent from gpg-agent with setting $SSH_ASKPASS w…
2f3bec8 
…hich internally uses gpg (#852)

* Set $SSH_ASKPASS as same as $RCLONE_PASSWORD_COMMAND

* Switch back to ssh-agent from gpg-agent

This partially reverts GH-814
However ssh passphrase will be kept by the SSH_ASKPASS and gpg encrypted command

---

* Update how to realize #714 with partially reverting #814 with #817 direction
* Might be a preparation of GH-849

Since using gpg-agent, it does not remain and hard to handle SSH passphrase.
Instead of that, pass command internally uses gpg. It looks enough to me.
@kachick
Copy link
Copy Markdown
Owner Author

kachick commented Oct 18, 2024
edited
Loading

https://github.com/gopasspw/gopass or https://gitlab.com/timvisee/prs might be required to specify GPG path.

Because of pass in nixpkgs having many patches, overriding only gnupg is an annoy task.

https://github.com/NixOS/nixpkgs/blob/babe2c97edf3750d3924c1c5eaa1fe94ac94e8d8/pkgs/tools/security/pass/default.nix#L85
gopasspw/gopass#1116
https://github.com/gopasspw/gopass/blob/70c56f9102999661b54e28c28fa2d63fa5fc813b/docs/config.md?plain=1#L28
https://gitlab.com/timvisee/prs/-/issues/24

@kachick kachick changed the title Add sequoia-sq for an option of OpenPGP implementation Prefer sequoia-sq for the option of OpenPGP implementation Oct 18, 2024
kachick
kachick commented Oct 18, 2024
View reviewed changes
Comment thread home-manager/pgp.nix
#
# If you faced to decrypt error with gpg-sq, check it with `sq decrypt`. It displays error details.
# For example, `1: AEAD Encrypted Data Packet v1 is not considered secure`
# This is caused by encrypted non configured gpg for the AEAD. Disable it with showpref/setpref if you still use gpg.
Copy link
Copy Markdown
Owner Author

@kachick kachick Oct 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This operation is cannot be done with gpg-sq, because of --edit-key is not yet implemented https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg/-/issues/92

@kachick kachick mentioned this pull request Oct 18, 2024
Merged
kachick
kachick commented Oct 20, 2024
View reviewed changes
Comment thread home-manager/packages.nix Outdated
@kachick kachick mentioned this pull request Oct 20, 2024
Merged
@kachick kachick marked this pull request as ready for review October 20, 2024 08:43
@kachick kachick merged commit fb008ef into main Oct 20, 2024
@kachick kachick deleted the sq branch October 20, 2024 08:45
kachick
kachick commented Oct 20, 2024
View reviewed changes
Comment thread home-manager/packages.nix

pass
# Alt `pass` for password-store. Candidates: gopass, prs
gopass # They will respect pass comaptibility: https://github.com/gopasspw/gopass/issues/1365#issuecomment-719655627
Copy link
Copy Markdown
Owner Author

@kachick kachick Oct 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And #853 (comment)

kachick added a commit that referenced this pull request Oct 20, 2024
@kachick
Ensure gopass respects GOPASS_GPG_BINARY in encloded package
e108001 
Follow GH-849
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Replace GnuPG with Sequoia-PGP to improve compatibility against OpenPGP RFC 9580

1 participant

@kachick