X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=doc%2FREADME;h=544465f27aed9f144c21f52681fa07235acebe09;hb=655253c594a8b184fcf1bd250651c76ebadf105c;hp=684f524100698642664d79a652b75f52fbb79b8e;hpb=5001c4b2f12540425be9e74c84beba3096981b21;p=monkeysphere.git diff --git a/doc/README b/doc/README index 684f524..544465f 100644 --- a/doc/README +++ b/doc/README @@ -2,15 +2,16 @@ Monkeysphere User README ======================== You don't have to be an OpenSSH or OpenPGP expert to use the -Monkeysphere. However, you should be comfortable using secure shell and -you should already have GnuPG installed and an OpenPGP key pair before -you begin. +Monkeysphere. However, you should be comfortable using secure shell +(ssh), and you should already have GnuPG installed and an OpenPGP key +pair before you begin. As a regular user on a system where the monkeysphere package is installed, you probably want to do a few things: -Keeping your keyring up-to-date -------------------------------- + +Keep your keyring up-to-date +---------------------------- Regularly refresh your GnuPG keyring from the keyservers. This can be done with a simple cronjob. An example of crontab line to do this is: @@ -66,6 +67,7 @@ can establish that they are setup correctly. The remaining steps will complete the second half: allow servers to verify you based on your OpenPGP key. + Setting up an OpenPGP authentication key ---------------------------------------- @@ -82,23 +84,60 @@ gpg --list-secret-keys The first line (starting with sec) will include your key length followed by the type of key (e.g. 1024D) followed by a slash and then your keyid. + Using your OpenPGP authentication key for SSH --------------------------------------------- -Once you have created a OpenPGP authentication key, you can feed it to -your ssh agent by running seckey2sshagent (currently this is found in -the src directory). Please run: +Once you have created an OpenPGP authentication key, you will need to +feed it to your ssh agent. + +Currently (2008-08-23), gnutls does not support this operation. In order +to take this step, you will need to upgrade to a patched version of +gnutls. You can easily upgrade a Debian system by adding the following +to /etc/apt/sources.list.d/monkeysphere.list: + + deb http://monkeysphere.info/debian experimental gnutls + deb-src http://monkeysphere.info/debian experimental gnutls + +And then adding the following to /etc/apt/preferences: + + Package: libgnutls26 + Pin: release o=The MonkeySphere Project + Pin-Priority: 990 -./seckey2sshagent --help + Package: libgnutls26-dbg + Pin: release o=The MonkeySphere Project + Pin-Priority: 990 -And read the directions - particularly the part about being dropped into -a gpg edit session. This is a work in progress! + Package: gnutls-bin + Pin: release o=The MonkeySphere Project + Pin-Priority: 990 -NOTE: the current version of openpgp2ssh does *not* deal well with -encrypted keys (as of 2008-07-26) + Package: gnutls-doc + Pin: release o=The MonkeySphere Project + Pin-Priority: 990 + + Package: guile-gnutls + Pin: release o=The MonkeySphere Project + Pin-Priority: 990 + + Package: gnutls-dev + Pin: release o=The MonkeySphere Project + Pin-Priority: 990 + +Next, run `aptitude update; aptitude install libgnuttls26`. + +With the patched gnutls installed, you can feed your authentication sub +key to your ssh agent by running: + + monkeysphere subkey-to-ssh-agent + +You may want to add this command to your ~/.xsession file so it is run +automatically everytime you login. FIXME: using the key with a single session? + Miscellaneous -------------