health-dev

Re: [Health-dev] Build encryption example into live-CD?


From: Axel Braun
Subject: Re: [Health-dev] Build encryption example into live-CD?
Date: Fri, 21 Nov 2014 10:40:40 +0100

Hi Luis,

[...]

> > This requires the creation of a GnuPG set of keys, and shipping of
> > the secret key in the Live-CD.
> > 
> > So far no problem, but I don't have a clear opinion if it is a good
> > idea to ship a secret key with password. Both are required, no doubt,
> > and I would clearly mark this key as 'demo'. Is there a potential for
> > abuse?
> 
> The GNU PG key pair is at the client side, so we should be OK for
> signing / validating documents.

..on the live-CD, client and server run in the same environment :-)
 
> So, we shouldn't need to ship / generate key pairs for GnuPG. What I
> would do is to make sure that GPG and its related Python library .

No problem.
 
> For the 2.8 version (Tryton 3.4), the gnuhealth installation program
> calls the "serverpass" script, that tightens security using cracklib and 
> encrypts the master server password.

Yes, but that's for the server password and does not help an inexperienced user 
to generate a pair of PGP keys and make use of it in the Demo-DB. 
If you have done it before, PGP key generation is a piece of cake, but don't forget - 
you are a developer. If you are new to the encryption stuff it sounds more like 
'OMG, what's that about?', and has some potential to fail.
Even for pros (little note: Germany's HASPA, a bank in the northern part, was 
proud to introduce PGP encryption to end customers...until someone made them 
aware that all their keys are invalid - missing self-signature).

But back to the original question....obstacles against a demo-key?

Cheers/Axel


