Re: [Health-dev] Build encryption example into live-CD?

From: Luis Falcon
Subject: Re: [Health-dev] Build encryption example into live-CD?
Date: Tue, 25 Nov 2014 10:09:51 +0000

Hi Emilien!

On Mon, 24 Nov 2014 05:24:25 -0600
Emilien Klein <address@hidden> wrote:

> 2014-11-21 3:40 GMT-06:00 Axel Braun <address@hidden>:
> [...]
> > But back to the original question....obstacles against a demo-key?
> Shipping crypto keys, in particular if private keys are involved, isn't
> good practice.
> It should be shipped only if it would render the system unusable out
> of the box, as e.g. the RaspberryPi image's keys for the SSH server.
> If they didn't ship the keys with the image, you wouldn't be able to
> connect to it via SSH the first time you boot, and for people that run
> headless/keyboardless installs (as I do) it would render the system
> unreachable. The recommended approach is to regenerate the keys after
> the first log in [0].
> For GNU Health's live CD, if possible the keys should be generated on
> the fly the first time it is run.

Thanks for your input!

This key-pair is *not* related to the server. It will be associated
with the user using the client.

In the case of the demo live CD, where the user will have both client
and server in the same box, maybe we can just call gpg to generate the
keypair for the user after the installation.

We can also instruct the user how to create it (basically gpg
--gen-key), which I think would be the best.

In any case, as I am doing in the documentation for the crypto module,
a "crash course" in public cryptography should be given to anybody that
wants to use this functionality. It's essential that the end user
knows the basic concepts behind public-key crypto / signing /
encrypting. A great place to start is the very GPG guides[1], at

So, summing up... Axel, can you make the call for gpg --gen-key after
the installation for the gnuhealth user that will be starting the
Tryton client? I think it would be the best and easiest solution.
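
The first-run generation discussed in this thread, as an added example that is not part of the original messages or GNU Health's own code: an unattended, idempotent form of `gpg --gen-key`, run as the client user so that no key material ships in the image. The demo identity, key type and sizes, expiry, and the `--run` switch are assumptions; `%no-protection` needs GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example: generate the client user's key pair on first run instead of
# shipping a demo key. Identity and key parameters below are assumptions.

DEMO_NAME="GNU Health Demo User"      # assumed display name
DEMO_EMAIL="demo@example.invalid"     # assumed placeholder address

# Print a GnuPG unattended-generation parameter block for name $1, email $2.
# %no-protection (GnuPG >= 2.1) creates the key without a passphrase, which
# only suits a throwaway demo session; remove it to have gpg ask for one.
keygen_params() {
    cat <<EOF
%no-protection
Key-Type: RSA
Key-Length: 3072
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 3072
Subkey-Usage: encrypt
Name-Real: $1
Name-Email: $2
Expire-Date: 1y
%commit
EOF
}

# Succeeds if the calling user's keyring already holds a secret key for $1.
has_secret_key() {
    gpg --batch --list-secret-keys "$1" >/dev/null 2>&1
}

# Generate the pair once; later calls find the key and change nothing, so the
# hook can run at every login. Prints "existing" or "generated".
ensure_user_key() {
    if has_secret_key "$2"; then
        echo "existing"
        return 0
    fi
    umask 077    # anything gpg creates stays private to this user
    keygen_params "$1" "$2" | gpg --batch --gen-key >/dev/null 2>&1 || return 1
    echo "generated"
}

# Act only when asked, e.g. from a first-login hook: sh firstrun-gpg.sh --run
if [ "${1:-}" = "--run" ]; then
    ensure_user_key "$DEMO_NAME" "$DEMO_EMAIL"
fi
```

Run it as the gnuhealth user rather than root, so the key lands in that user's own keyring.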

