Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
HTTPS site to host keys?
I's like to make more use of encrypted communication but, as usual, implementation across platforms may cause issues.
To this end I would like, perhaps, to purchase a public key and use a website secured by it to serve my keys.
Is that a solved problem?
I'd not considered that, tjhanks, might be worth a look.
Quote:
Originally Posted by jefro
Kind of depends. You could buy a cert or you might be able to make a self signed certificate that you carry with you on a flash drive.
Not totally sure what exactly you want to do with https but I assume you have your own server up.
As it stands I have webspace on two domains but that is with a hosting service so I only have limited access. My thought process is that if I were to make one of them HTTPS then I could simply host my public key on that site and it would be relatively safe to assume that anybody picking it up had the correct key. Without HTTPS I envisage an automated main-in-the-middle attack could mean that the wrong key is given out. I'm not about to make myself a tinfoil hat but I'd like to be able to give my public key to people with a little assurance that it is my public key. It's the flash drive option I'm trying to replace for people I don't see face-to-face.
You would also have to use SSL certificate-based authentication options so that the server would check for a particular client-side key being presented. It can be done with Apache etc if you wish. ("https" cuts both ways ...)
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Original Poster
Rep:
Quote:
Originally Posted by sundialsvcs
You would also have to use SSL certificate-based authentication options so that the server would check for a particular client-side key being presented. It can be done with Apache etc if you wish. ("https" cuts both ways ...)
Ah, yes, so if I give my public key out that's fine but I have no way of confirming the public keys others give me are genuine.
I'm beginning to wonder whether any of this is worth it. This is, in fact, one of the main reasons I don't use encrypted email on a dailey basis -- it's easier to assume all email is read and all is lies and to work around that.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.