Newbie Questions Nitropad/Nitrokey

Hello, I recently purchased a Nitropad with Ubuntu preinstalled and a Nitrokey and had a few questions that I wanted to see if anybody here could help me with.

  1. First, I saw a few times that people on this support page and other places have mentioned “gpg2” quite a few times, and I checked and saw that on my Nitropad I only had the normal gnupg installed. Is there a significant difference, and should I install gnupg2 instead?

  2. I also noticed that a few packages were installed through snap. Now, this is unrelated to Nitrokey, but I do know that snap packages are slightly more secure, using sandboxing in most cases. Are there certain types of programs it would be more secure for me to download through snap instead of APT? Or is it just personal preference?

  3. Lastly, is there anything else I should install, configure, or the like on my new Nitropad? I don’t want to use it assuming everything has already been set up for me, and then miss something important.

I hope you can answer my beginner questions, and excuse any lack of knowledge I may have.
Thanks.

  1. GnuPG2 is the successor to GnuPG and shares most of the same commands. It is more secure than its predecessor as it has moved sensitive operations to the gpg-agent and has improved support for smartcards and modern ECC cryptography. For the average user, the differences between the two versions are minimal. It is also quite easy to just switch to the newer version.
  2. This is a matter of preference. While it is sandboxed, it all depends on the frequency of updates to the snap package (snap packages contain all the dependencies). Usually, security updates are better taken care of in the operating system. If you need the most recent software, I (as an advanced user) would prefer the Nix package manager. For maximum security I would stick to the currently supported OS packages without additional 3rd-party repositories.
  3. If you have some administration skills, you could use tools like Ansible or shell scripts to configure your machine from scratch and back up your data, e.g. to a Nitrokey Storage. That way, you could reset your machine from time to time and could use your scripts to rebuild and keep your workstation current.

Sandboxing/isolation is good if you do not need to connect various pieces of software together.

There is NixOS and the Nix Package Manager. The latter can run in parallel on most Linux systems. Devs use it to get a more recent version of a programming language or a webserver. It can be configured similarly to NixOS.

I don’t know. If I were interested in this, I’d be running Qubes OS probably most of the time. (Now, for isolation, I run DomU’s on Xen on FreeBSD Dom0).

Oh, ok fair enough. Thanks for your input anyways.

This is a nice article describing how to define your workstation with Ansible.