Distributed Updates

  • Enigmasuite as a Git repo on every box
  • Box polls peers (=friends in the address book) for updates (new commits)
  • Accepts only commits that are gpg-signed tags, and only from chosen gpg keys
  • User can choose from which gpg key to accept updates
  • Updates can be created from any box in the network
  • Boxes update each other, no internet needed and no central server involved

Attack scenarios

  • GPG privkey compromised

Attack mitigation

  • Only accept tags signed by multiple gpg keys
  • Multiple persons need to be involved in signing process
  • 3 keys. Minimum 2 needed for acceptance
  • 1 key can become compromised
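
One way to enforce the 2-of-3 rule above, as an added example that is not Enigmasuite code: it assumes each signer publishes their own signed tag on the update commit and counts distinct trusted keys from the status lines of `git verify-tag --raw`. The fingerprints, function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
THRESHOLD=2   # "3 keys. Minimum 2 needed for acceptance"

# Constructed fingerprints standing in for the three chosen gpg keys.
KEY_A=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
KEY_B=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
KEY_C=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

# Read GnuPG status lines on stdin and print each distinct trusted
# primary-key fingerprint with a good signature. Args: trusted fingerprints.
trusted_signers() {
    awk -v trusted="$*" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        # Expired or revoked keys and bad signatures never count.
        $2 ~ /^(EXPSIG|EXPKEYSIG|REVKEYSIG|BADSIG|ERRSIG)$/ { good = 0 }
        $2 == "VALIDSIG" {
            fpr = $NF   # last field is the primary key fingerprint
            # Count keys, not signatures: one key signing twice is one vote.
            if (good && (fpr in ok) && !(fpr in seen)) { seen[fpr] = 1; print fpr }
            good = 0
        }'
}

# Exit 0 only when at least THRESHOLD distinct trusted keys signed.
meets_threshold() {
    count=$(trusted_signers "$@" | awk 'END { print NR }')
    [ "$count" -ge "$THRESHOLD" ]
}

# Verify every tag on COMMIT and apply the threshold (needs git and gpg
# with the trusted public keys imported). Usage: accept_commit COMMIT FPR...
accept_commit() {
    commit=$1; shift
    for tag in $(git tag --points-at "$commit"); do
        git verify-tag --raw "$tag" 2>&1 >/dev/null || true
    done | meets_threshold "$@"
}

# Constructed sample input in the shape of gpg status lines for one signature.
sample_sig() {  # usage: sample_sig GOODSIG|EXPKEYSIG FINGERPRINT
    printf '[GNUPG:] %s %s Constructed Signer\n' "$1" "$2"
    printf '[GNUPG:] VALIDSIG %s 2013-12-31 1388512440 0 4 0 1 8 00 %s\n' "$2" "$2"
}

# A single compromised key signing two tags must not pass.
if { sample_sig GOODSIG "$KEY_A"; sample_sig GOODSIG "$KEY_A"; } |
        meets_threshold "$KEY_A" "$KEY_B" "$KEY_C"
then echo "accepted"; else echo "rejected: fewer than $THRESHOLD distinct signers"; fi
```

On a box, `accept_commit <commit> <fpr1> <fpr2> <fpr3>` would gate the merge of a polled update; the threshold only helps if the three private keys are held by different people on different machines.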
roadmap/distributed-update-system.txt · Last modified: 2013/12/31 17:54 by 42
GNU Free Documentation License 1.3