Skip to content, sitemap or skip to search.

Personal tools
Join now
You are here: Home Associate Member FSF Privacy Key

FSF Privacy Key

by tonyw Contributions Published on Mar 22, 2006 04:04 PM
The free software included on this FSF Privacy Key will help you keep track of your passwords and public encryption keys, allow you to use the Internet anonymously and create an SSH identity that can be run directly from the key.
FSF Privacy Key Mockup

You can also install root SSL CACert.org certificates in your default browser, letting you easily verify sites and people who use the free public key certificates from CACert.org. The programs on the key will even check for updates automatically.


FSF Privacy Key

Live Tools

Some of the applications on the key are designed to be used directly from the USB key:

Seahorse Seahorse PGP Key Manager- Seahorse will manage your GNU Privacy Guard keyring. You can import others public keys into your keyring with varying degrees of trust as well as manage your own PGP identity.
FSF Directory Listing - Seahorse Project Homepage


Revelation Logo Revelation Password Manager- Revelation offers a secure and convenient way to maintain a database of usernames and password for websites, databases, shell accounts, and much more.
FSF Directory Listing - Revelation Project Homepage


Tor Logo Tor Internet Anonymizer- Tor, in combination with Privoxy, provides effective masking of your IP address when accessing Internet resources, making it practically impossible for any third party to track your Internet activities. The key includes a new application called TorNado written specifically for the FPK to help you manage Tor. TorNado will modify your GNOME desktop proxy settings to use Tor when activated and disable proxy settings when deactivated. Furthermore, it will attempt to modify the default profile for Mozilla Firefox, but Firefox must be restarted for the activation and deactivation to take effect.
FSF Directory Listing - Tor Homepage


OpenSSH OpenSSH Identity Agent- The OpenSSH identity agent helps you create an SSH identity and to add it to the running ssh-agent, so that shelling into remote servers offers your public key as a means of authentication. Please be careful though -- once the identity is added to the ssh-agent, even with the USB key removed, that agent still retains the identity's private key in memory.
FSF Directory Listing - OpenSSH Homepage

Install

For workstations you administer, the key has several security features that can be installed.

CACert.org Image Install CACert.org Root Certificate - Selecting this option will launch your GNOME default browser and attempt to install the root SSL certificate from CACert.org into your browser's list of trusted root certificate authorities. Some systems will not correctly identify the MIME type of the certificate, in which case the certificate will be displayed in the browser as ASCII-armored text. If your system malfunctions in this way, you will have to import the certificate by hand.
CACert.org Homepage

Keyring Small Install Keyrings as your Defaults - Selecting this option will make the current user's default SSH and PGP keyrings symbolic links to the keyrings on this USB key. Existing keyrings in the current user's home directory will be backed up.


Configuring Your System for Autorun

The GNOME Volume Manager can be configured to automatically launch the FPK toolbox when the key is inserted. To do this, go to your GNOME Preferences for "Removable Drives and Media" or "Removable Storage" and ensure that the box is checked for "Auto-run programs on new drives". The FPK toolbox is launched from the script autorun.sh at the root of the key's file tree. With this GNOME Volume Manager option enabled, each time you insert the key, you will be asked if you wish to run this script.

Some distibutions (notable Breezy Badger) will mount this key with the noexec option as a security precaution. Unfortunately, this will prevent the key from being useful. If you find your distribution mounting the key this way, consult your distribution's documentation for how to reconfigure pmount or remount the drive with the exec flag.

System Requirements

To use the FSF Privacy Key (FPK) on a GNU/Linux distribution, that distribution must provide:

  • GNOME Desktop Environment (version 2.8 or later) with libglade2
  • A Python interpreter (version 2.3 or later)
  • A Filesystem Standard Hierarchy 2.3 compliant file tree

The applications on the FPK expect to be executed from /media/usbdisk in accordance with the Filesystem Hierarchy Standard (FHS) 2.3 standard. The applications will not work reliably if the key is mounted at any other location.

The live applications expect to find copies of GNU Privacy Guard (including gpg-error) and OpenSSH in the system available in the path.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit.
This product includes cryptographic software written by Eric Young.

Document Actions

The FSF is a charity with a worldwide mission to advance software freedom — learn about our history and work.

fsf.org is powered by:

 

Send your feedback on our translations and new translations of pages to campaigns@fsf.org.