Sep 12 2014

PGP Key Security generating and using SubKeys.

Loosing the private key it’s bad, but if someone steals the private key, it’s a disaster.
Thieves can not only decrypt personal data, they can also impersonate the owner by signing messages with his private key.
Yes, it is possible to revoke the stolen key, but that would mean probably loose years of signatures and basically creating a massive inconvenience to redistribute a new public key to the world. SubKeys can help to prevent this disaster.

Having separate SubKeys makes key management easier and protects you in certain occasions, for example it is possible to create a new SubKey when a previous one gets stolen, without losing previous signatures.
Continue reading


Sep 11 2014

SSH Authentication with PGP Keys.

PGP keys and SSH keys can share the same RSA algorithm and for this reason, with some little tuning it is possible to use a PGP SubKey to authenticate users into SSH Servers.
Continue reading


Aug 14 2014

Paperkey, a good way to print your PGP Private Key.

A reasonable way to achieve a long term backup of Cryptographic Keys (OpernPGP, GnuPG, PGP, etc) is to print them out on paper.
This because printed paper (choosing the best ink type), has amazingly long retention qualities, absolutely longer than magnetic or optical media generally used to Back-UP data.
Continue reading


Jul 8 2014

Check domain NS glue records with ‘dig’

A glue record is the IP address of a NameServer held at the Domain Name registry.
Glue records are required when it is needed to point name servers of a domain-name to a host-name under the domain name itself.

Continue reading


Mar 14 2014

ProxmoxVE: Proxy PVE GUI with NigNX configuring HTTPS on Standard port.

With the release of PVE 3.0, the Proxmox VE Web-Interface does no longer require Apache.
Instead using a standard WebServer, Proxmox team is now proud to use a new event-driven API-Server called ‘pveproxy’ listening on TCP Port 8006 and delivering contents via HTTPS using a self-signed certificate.

Proxying pveproxy behind NgiNX will prevent direct access to the event-driven API-Server, let the administrator to (optionally) add a second layer HTTP authentication, to configure a standard HTTPS TCP port to reach the admin panel and to use his own SSL certificates.
Continue reading