A lot of new hardware security keys (YubiKey, Nitrokey, Titan, etc.) now support FIDO2 (also known as U2F, WebAuthn, or Passkey; yes, the naming is a mess). So does OpenSSH. This is good news for us, because it is far easier to use with ssh than previous hardware security types (e.g., PKCS#11 and OpenPGP). A key benefit of all this, if done correctly, is that it is actually impossible to access the raw SSH private key, and impossible to use it without the presence of the security key (SK) and a human touching it.| www.complete.org
Like the process described in Encrypting Filespooler Jobs with GPG, Filespooler can handle packets encrypted with Age (Encryption). Age may be easier than GnuPG in a number of cases, particularly because it can use a person's existing SSH keypairs for encryption. This process is fundamentally quite similar to handling encryption with GnuPG: we'll be adding an encryption command to the pipe after prepare, and adding a decoder to the queue processing commands.| www.complete.org
GnuPG (also known by its command name, gpg) is a tool primarily for public-key encryption and cryptographic authentication. Homepage: https://www.gnupg.org There is a lot of material about GnuPG out there, so I won't be duplicating it all here. But I do have some more unique contributions for those familiar with GnuPG. There are alternatives to gpg/gpgv that may be useful in some cases: Age (Encryption) for encryption and signify for authentication.| www.complete.org