---
:tags: jobs-JRC
---

# DICE design
:original-url: https://docs.google.com/document/d/1lrs2cEq8GjqSjLPWDcKwl8XYCYnChG2y0fWAgMLDlQI/edit

## GPG
- Generate the perfect Key: https://alexcabal.com/creating-the-perfect-gpg-keypair/
- "Does GPG key expiration add to security?": http://security.stackexchange.com/questions/14718/does-openpgp-key-expiration-add-to-security?newreg=72720a55ed764868bb0a9d0b3a4c3809
- How to use authentication subkeys in gpg for SSH public key authentication: https://gist.github.com/andrewlkho/7373190
- Transition-statement with wget: https://blog.josefsson.org/2014/06/23/openpgp-key-transition-statement/
- Offline GnuPG Master Key and Subkeys on YubiKey NEO Smartcard: https://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/
- Apache transition instructions: https://www.apache.org/dev/key-transition.html
- Use OFFLINE master keys: https://incenp.org/notes/2015/using-an-offline-gnupg-master-key.html & https://wiki.debian.org/Subkeys
- YUBICO PGPUser-Guide: https://github.com/drduh/YubiKey-Guide
- Compile new YUBICO GPG Applet: http://www.digitalllama.net/2014/03/importing-your-existing-gpg-key-into.html
- YUBICO genkeys In+Out of card: https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/
- CMD EXAMPLES: http://www.spywarewarrior.com/uiuc/gpg/gpg-com-4.htm
- GPG evaluation 2016: https://www.gnupg.org/conf/2016/openpgp-2016-a-few-concerns.pdf
- X509 sign:
  - https://raymii.org/s/tutorials/Sign_and_verify_text_files_to_public_keys_via_the_OpenSSL_Command_Line.html
  - SO1: http://security.stackexchange.com/questions/108163/sign-gnupg-master-key-with-own-x-509-certificate
  - SO Bridge: http://crypto.stackexchange.com/questions/11582/openpgp-x-509-bridge-how-to-verify-public-key/11709#11709
  - **Signing policy and pgp<-->509 signig instructions**: http://psmay.com/aught-six/key-signing-policy, Questions: http://psmay.com/notary/
  - Can we trust GPG? http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.97.9895&rep=rep1&type=pdf
  - GPG-key stats: http://pgp.science.uu.nl/stats/02b02f070712febd.html
  - on pgp model retirement: https://www.ctrlc.hu/~stef/blog/posts/on_pgp.html
  - https://eprint.iacr.org/2015/967
- Git:
  - https://github.com/blog/2338-sha-1-collision-detection-on-github-com
  - [1] https://blogs.technet.microsoft.com/srd/2012/06/06/flame-malware-collision-attack-explained/
  - [2] http://eprint.iacr.org/2014/871.pdf
  - [3] https://github.com/sprohaska/git-sha-x
  - [1] https://public-inbox.org/git/CA+55aFzJtejiCjV0e43+9oR3QuJK2PiFiLQemytoLpyJWe6P9w@mail.gmail.com/
[ - 2] https://public-inbox.org/git/alpine.LFD.2.20.1702281621050.22202@i7.lan/T/#u

## ZK
ForwardSecureSignatures: http://www.cs.columbia.edu/~tal/papers/CJMM.pdf