Finally did activate the NXP SE050 Secure Element in my Nitrokey 3 and generated new on-device keys, by using the amazing "oct" (openpgp-card-tools).
Almost entirely using the modern rust-based openpgp implementations now:
- oct for card management and file signing
- openpgp-card-ssh-agent for SSH authentication
- rsop-oct for file encryption/decryption and package signing
- oct-git for git signing of my code commits
The only part, where I still rely on classic openpgp, is my MUA KMail, where alternatives aren't yet supported.
And it's still a pain, that modern GPG implementations aren't available as Fedora packages *sigh* but cargo works sufficiently well for now.
#linux #rust #openpgp #nitrokey #crypto #security @hko @fedora @nitrokey