commit: 68d08d3882061c1803fa691345d30788d820c87f
parent 7599e27d40dbbe71c6728f7a3969a9c63ef052bf
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Thu, 3 May 2018 07:40:36 +0200
canary.asc: Update
Diffstat:
| M | canary.asc | 45 | ++++++++++++++++++++++++++++++++------------- |
1 file changed, 32 insertions(+), 13 deletions(-)
diff --git a/canary.asc b/canary.asc
@@ -7,7 +7,15 @@ I choosed OpenPGP because it allows to:
• have a crypto-signed: text, date, expiration date
• make more use of good cryptography
-This canary will be updated as often as possible and cryptographicaly expires after 6 months.
+This canary will be updated as often as possible and cryptographicaly expires after 2 months.
+
+## Why a canary?
+I originally started it for fun, but I ended up:
+• Hosting my own software, which is a good thing btw. https://hacktivis.me/git/
+• Being a proxy-maintainer for few gentoo packages
+• Hosting my own social-network instance
+
+And I will probably have more involvements in the future and I think it's better and or even mandatory to have a canary in thoses cases.
## Statements
• anything that can harm and/or have harmed data, received or send to me and or my machines:
@@ -21,30 +29,41 @@ This canary will be updated as often as possible and cryptographicaly expires af
• my keys are all safe and protected and old ones are revoked and few old ones unuseable(shred)
• On 2016-12-17 I made myself a new keyring, the old one was a huge mess… sorry for the mess of revoked keys
• On 2017-05-03 04:19:00 I made new (ECC) keys, after hardware failure and no backups or old keys, and so broke HPKP
- • On 2018-01-11 I changed my default GPG key set to DDC9237C14CF6F4DD847F6B390D93ACCFEFF61AE and it’s now store only on a Nitrokey Start and a paperkey backup
+ • On 2018-01-11 I changed my default OpenPGP key set to DDC9237C14CF6F4DD847F6B390D93ACCFEFF61AE and it’s now store only on a Nitrokey Start and a paperkey backup [2]
### Certificates Log (for hacktivis.me)
-Begin on/Not Before; Expire on/Not After; Organisation; Serial
-2018-01-22T00:24:54; 2018-04-22T00:24:54; Let's Encrypt; 03:56:2e:f8:c5:5f:24:08:4b:52:15:71:03:cf:7d:64:4b:23
-2017-10-23T23:02:20; 2018-01-21T23:02:20; Let's Encrypt; 03:2E:23:BF:A9:31:5C:25:5F:12:00:70:44:12:3E:DB:77:BD
-2017-07-25T23:56:00; 2017-10-23T23:56:00; Let's Encrypt; 03:BC:D9:81:CF:CA:53:90:2E:90:B4:D0:81:26:6A:4B:C6:34
+Begin on/Not Before; Expire on/Not After; Organisation; SHA256 Fingerprint
+2018-03-22T23:17:24; 2018-06-20T23:17:24; Let's Encrypt; D0:5B:25:9C:3D:2E:E4:FD:78:B5:1C:7C:58:A0:FD:29:81:8E:7F:68:CE:95:D6:4E:CC:84:BD:E0:2A:5F:17:9A
+2018-01-22T00:24:54; 2018-04-22T00:24:54; Let's Encrypt
+2017-10-23T23:02:20; 2018-01-21T23:02:20; Let's Encrypt
+2017-07-25T23:56:00; 2017-10-23T23:56:00; Let's Encrypt
-### TL;DR
-• I’m safe but you should not have a blind trust on me.
+Note: The certificates are automatically renewed by acme.sh, this canary isn't so expect a bit of lag.
+Command used for the fingerprint: openssl x509 -fingerprint -sha256 -noout -in ~/.acme.sh/hacktivis.me_ecc/hacktivis.me.cer
+
+## Recent News
+• Void Linux got a central point of failure in their management and are avoiding it: https://www.voidlinux.eu/news/2018/05/serious-issues.html
+• Mozilla continues in a weird path with Privacy/Public Relation, they want to show ads again (and hi again to Pocket): https://blog.mozilla.org/futurereleases/2018/04/30/a-privacy-conscious-approach-to-sponsored-content/
+• The new Stardew Valley update calls you out for dating everyone (And so I guess I'm not updating it…): https://www.pcgamer.com/the-new-stardew-valley-update-calls-you-out-for-dating-everyone/
## Commands used
• cp canary.asc canary
• vis canary
-• gpg --default-sig-expire 6m --clearsign canary
+• gpg --default-sig-expire 2m --clearsign canary
• shred -u canary
+### TL;DR
+• I’m safe but you should not have a blind trust on me.
+
+- --
Inspired by: https://fyb.patternsinthevoid.net/canary.asc and https://github.com/QubesOS/qubes-secpack/blob/master/canaries
1: https://hacktivis.me/articles/La%20neutralit%C3%A9e%20du%20Net%20sur%20un%20wifi%20Orange%E2%84%A2,%20deuxi%C3%A8me%20mensonge
+2: https://hacktivis.me/articles/I%20changed%20my%20OpenPGP%20keys
-----BEGIN PGP SIGNATURE-----
-iHsEARYKACMWIQT4W9xj/ZtK9Ev2uBLVt6jkPJl97gUCWnd7RgWDAO1OAAAKCRDV
-t6jkPJl97nh6AQC8y8FTbNJU0Y8OF98n9gMHU1iPvZdbCRUkyCqPYclcwwEAqpno
-MUDnteh0Yfjfw3ZVOdPRgLrKAz6tgj5EO5AfZw0=
-=8nx9
+iHsEARYKACMWIQT4W9xj/ZtK9Ev2uBLVt6jkPJl97gUCWuqgnAWDAE8aAAAKCRDV
+t6jkPJl97v3TAP0fXL5JxGfbL1KMCsdEEoZvUadsGWLXYsqv2PQs/bwQGwEA8s6d
+L6IwC18sOoozaqO58SvcLyRtHzMzEED29vqncAs=
+=ChCp
-----END PGP SIGNATURE-----
