Operations we want to do via this tool - tumpaproject/tumpa GitHub Wiki

This is an incomplete list, we are updating this slowly.

Key operation (on the computer itself)

  • Create a new OpenPGP key, either RSA4096, or Curve25519 (this should be default), we should be able to select the subkeys to generate while doing this. The default can be encryption and signing subkeys. Default expiration days: 3 years
  • Show all the subkeys (including the expired ones) of a selected key
  • Change the expiration date for the given/selected subkeys.
  • Generate new subkeys and add them to the selected primary key. We should be able to tell which kind of subkey we want to generate.
  • Revoke a key
  • Revoke selected subkeys for a given key
  • Add user id to a selected primary key.
  • Revoke a selected user id in a selected primary key.
  • Export the public key from a selected primary key
  • Import an existing secret key
  • Change the passphrase of a selected key

Basic Flow:

  • Take name, email, and passphrase and Create a new OpenPGP key with Curve25519, with encryption and signing subkey and 3 years of expiration (show some copy to indicate this)
  • Show the latest, non expired subkeys
  • Revoke a key
  • Export public key
  • Change passphrase
  • Import an existing secret key

Advanced Settings:

  • Allow users to select encryption between Curve25519 or RSA 4096 while creating keys
  • Allow users to select which subkeys to create while creating keys
  • Allow users to select expiration date in years while creating keys
  • Show all subkeys related to a primary key
  • Allow users to revoke specific subkeys
  • Add user ids to primary key
  • Revoke selected user ids to primary key

Smartcard operations

  • View current information from the card
  • reset a card
  • upload a given subkey to the card
  • change user pin of the card
  • change admin pin of the card
  • set card holder's name in the card
  • set public key URL in the card

Wizard-y Flow

If we want to create a wizard type flow for the very first time users with no experience with GPG whatsoever, the flow would be something like this:

Step 1 Add name, emails, and passphrase to generate key

Step 2 Detect if yubikey inserted, if yes, then show the yubikey selected, if not, show that no yubikey inserted and ask user to insert an yubikey.

If yubikey is detected, check if yubikey is empty. If not, give users a prompt to reset yubikey

Step 3 This is optional step (with a skip or "not now" button possibly) Add name, public URL, new admin pin and new user pin for yubikey

Step 4 A confirmation page showing the key being uploaded to yubikey and the selected yubikey

Step 5 Done