I am searching for a downloadable (Linux) ISO which I can burn to CDROM in order to have all the necessary tools on there to run on an air-gapped machine and to create and transfer GPG keys to multiple Nitrokey Pro devices. Is there anything out there which is recommendable? (preferably with a verifiable ISO-checksum). I guess the nitrokey app would be the possible missing bottleneck on standard distros.
Thanks!
Hello!
For example you can use a Live-CD from Ubuntu, Linux Mint, Debian or any other distro which allows a “Live-Modus”.
For me personally, the best variant turned out to be the use of a Raspberry Pi without an internet connection.
The Nitrokey app is not really necessary to create a key.
GnuPG recognizes the Nitrokey, when all needed modules are installed correctly on the system.
best regards
Jürgen
Hi microangelo and thanks for the reply!
As I said before, I wanted to use an air-gapped machine, so “all needed modules installed” is really the bottleneck possibly, as I wanted to make sure the private keys are only with the nitrokey plus the backup device. While the app of course is not necessary it still is needed to transfer the keys to the Nitrokey Pro, correct?
Hi @k33crypt!
Tails has GnuPG 2.2.12 installed out of the box. You can download it from here. This should provide a properly configured OS.
Alternatively, if you do not want to run Tails or any other privacy-oriented distro, you could download the packages and install them offline, as with this script (taken from [1]):
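```bash
#!/bin/bash
# Download the listed packages and their direct dependencies into a temp folder.
folder=$(mktemp -d)
packages="scdaemon libccid pcscd rng-tools"
cd "$folder" || exit 1
for p in $packages; do
    echo -e "\n====> downloading \"$p\""
    apt download "$p"
    # List direct dependencies, skip virtual packages (<...>), and download them too
    apt-cache depends -i "$p" | awk '/Depends:/ {print $2}' | grep -v '^<' | xargs -r apt-get download
done
cd "$OLDPWD" || exit 1
echo -e "\nPackages available in \"$folder\""
```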
and later installed with:
```bash
$ sudo dpkg -i *.deb
```
In [1] you can read about packages verification on the receiving side. About the rng-tools mentioned there you would need to investigate further, whether this would be required (mind the article is 3 years old, but probably yes).
[1] https://research.kudelskisecurity.com/2017/04/28/configuring-yubikey-for-gpg-and-u2f/
Edit: more about rng-tools: https://wiki.archlinux.org/index.php/Rng-tools
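One way to do the receiving-side package verification mentioned in the post above, as an added example that is not part of the original thread or of the linked article. The manifest name `SHA256SUMS` and the function names are assumptions; it expects GNU coreutils on both machines.

```shell
#!/bin/bash
# Added example: integrity check for .deb files carried to an air-gapped machine.
# MANIFEST and the function names are assumptions, not taken from the thread.
MANIFEST="SHA256SUMS"

# Online machine: record a SHA-256 digest for every .deb in the download folder.
make_manifest() {
    local dir="$1"
    ( cd "$dir" || exit 1
      sha256sum -- *.deb > "$MANIFEST" )
}

# Air-gapped machine: succeed only if every listed file matches its digest
# AND the folder contains no .deb that is absent from the manifest.
verify_manifest() {
    local dir="$1"
    ( cd "$dir" || exit 1
      [ -s "$MANIFEST" ] || { echo "missing or empty $MANIFEST" >&2; exit 1; }
      # --strict also rejects malformed manifest lines
      sha256sum --check --strict --quiet "$MANIFEST" || exit 1
      for f in *.deb; do
          [ -e "$f" ] || continue
          # File names start at column 67 (64 hex digits + two separator chars)
          cut -c67- "$MANIFEST" | grep -qxF -- "$f" \
              || { echo "unlisted package: $f" >&2; exit 1; }
      done )
}

# Usage:
#   online machine:      make_manifest "$folder"
#   air-gapped machine:  verify_manifest /path/to/copied/folder && sudo dpkg -i *.deb
```

A manifest stored on the same medium as the packages only catches corruption; to catch tampering, carry the digest of `SHA256SUMS` itself by a separate path (for example written down) and compare it before running the check.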
Hello @k33crypt!
First … the hint of @szszszsz with Tails is very good, I had this distro in mind but couldn't name it “that quickly”.
Then … the Nitrokey App is NOT necessary to transfer key to Nitrokey Start/Pro. This is done with a simple command (“keytocard”) in GnuPG. The only requirement is, that the library “scdaemon” and a few others are installed in the system you use.
best regards