FSF Privacy Key
You can also install root SSL CACert.org certificates in your default browser, letting you easily verify sites and people who use the free public key certificates from CACert.org. The programs on the key will even check for updates automatically.
Some of the applications on the key are designed to be used directly from the USB key:
Seahorse PGP Key Manager-
Seahorse will manage your GNU Privacy Guard keyring. You can import
others public keys into your keyring with varying degrees of trust as
well as manage your own PGP identity.
FSF Directory Listing - Seahorse Project Homepage
Revelation Password Manager-
Revelation offers a secure and convenient way to maintain a database of
usernames and password for websites, databases, shell accounts, and
FSF Directory Listing - Revelation Project Homepage
Tor Internet Anonymizer-
Tor, in combination with Privoxy, provides effective masking of your IP
address when accessing Internet resources, making it practically
impossible for any third party to track your Internet activities. The
key includes a new application called TorNado written specifically for
the FPK to help you manage Tor. TorNado will modify your GNOME desktop
proxy settings to use Tor when activated and disable proxy settings
when deactivated. Furthermore, it will attempt to modify the default
profile for Mozilla Firefox, but Firefox must be restarted for the
activation and deactivation to take effect.
FSF Directory Listing - Tor Homepage
OpenSSH Identity Agent-
The OpenSSH identity agent helps you create an SSH identity and to add
it to the running ssh-agent, so that shelling into remote servers
offers your public key as a means of authentication. Please be careful
though -- once the identity is added to the ssh-agent, even with the
USB key removed, that agent still retains the identity's private key in
FSF Directory Listing - OpenSSH Homepage
For workstations you administer, the key has several security features that can be installed.
Install CACert.org Root Certificate
- Selecting this option will launch your GNOME default browser and
attempt to install the root SSL certificate from CACert.org into your
browser's list of trusted root certificate authorities. Some systems
will not correctly identify the MIME type of the certificate, in which
case the certificate will be displayed in the browser as ASCII-armored
text. If your system malfunctions in this way, you will have to import
the certificate by hand.
Install Keyrings as your Defaults - Selecting this option will make the current user's default SSH and PGP keyrings symbolic links to the keyrings on this USB key. Existing keyrings in the current user's home directory will be backed up.
Configuring Your System for Autorun
The GNOME Volume Manager can be configured to automatically launch the FPK toolbox when the key is inserted. To do this, go to your GNOME Preferences for "Removable Drives and Media" or "Removable Storage" and ensure that the box is checked for "Auto-run programs on new drives". The FPK toolbox is launched from the script autorun.sh at the root of the key's file tree. With this GNOME Volume Manager option enabled, each time you insert the key, you will be asked if you wish to run this script.
Some distibutions (notable Breezy Badger) will mount this key with the noexec option as a security precaution. Unfortunately, this will prevent the key from being useful. If you find your distribution mounting the key this way, consult your distribution's documentation for how to reconfigure pmount or remount the drive with the exec flag.
To use the FSF Privacy Key (FPK) on a GNU/Linux distribution, that distribution must provide:
- GNOME Desktop Environment (version 2.8 or later) with libglade2
- A Python interpreter (version 2.3 or later)
- A Filesystem Standard Hierarchy 2.3 compliant file tree
The applications on the FPK expect to be executed from /media/usbdisk in accordance with the Filesystem Hierarchy Standard (FHS) 2.3 standard. The applications will not work reliably if the key is mounted at any other location.
live applications expect to find copies of GNU Privacy Guard (including
gpg-error) and OpenSSH in the system available in the path.