Jonas Maurus
Jonas Maurus
@antarcticrainforest Thank you! Yes, I did some maintenance work on the project to get it to a place where it can be updated :). I'll look into this next. From...
and indeed the tests fail... I can't look into that right now, but perhaps later this week.
(if you have time to look into it, that would also be appreciated ;) )
I have looked into this for a little bit and I have a theory why this happens, but no real solution right now. I can reproduce this error by commenting...
The ideal solution would be to replace the dependency to pycrypto (outdated, no longer supported) with pycryptodome which is a drop-in replacement for pycrypto that has wheels on pypi.
@fear1226 First you have to understand that there are multiple key pairs: * The certification keypair (that's the key id you see on a PGP key) * The signing keypair...
@fear1226 From what I wrote above: > Rotating an encryption key in PGP usually means: creating a new encryption keypair, signing it with the certification private key and marking the...
@lucaspwk I don't think the `--` belong in there at all. Off the top of my head your command-line should be: ``` vault write gpg/keys/test generate=false key=-
@LeSuisse > In a situation where the subkey can be compromised it is likely the main key could be too. Even if we assume that only a subkey is compromised...
@LeSuisse sorry, perhaps I'm missing something obvious. But why would I end up doing key management outside of Vault? Couldn't Vault create a keyring with an "unexportable" certification key, and...