User Guide - tumpaproject/tumpa GitHub Wiki

Latest release 0.10.90

You will need pcscd service running in Linux for the application to work.

sudo apt install pcscd -y
sudo systemctl restart pcscd

sudo dnf install pcsc-lite
sudo systemctl restart pcscd

On Mac Sillicon systems, the dmg should just work.

Change admin and user pin

After you upload an openpgpkey to the Yubikey, remember to change/update the admin pin and the user pin. The default admin pin is 12345678 and user pin is 123456.

Data store

The application stores the database in ~/.tumpa/ directory.

Generate Key

Remember to give a strong passphrase for the key. By default we are creating Cv25519 key, but in the advanced section you can choose to create RSA4096 key too. You can also select an expiry date for the keys.

Keys view

You can click on details button and see the details about any key.

One shot mode to mimic air gapped key generation

If you need to generate a key like in an air gapped Tails, but you don't have access to such a system (say you are running on Apple Silicon Mac), you can use the "One shot" mode and generate a key and upload to the smartcards (more than 1 card is better for backup). When you close the application, the secret part of the key is erased from the memory.

Uploading key to Yubikey/Nitrokey/smartcards

Click on "Send Key to Card" for any secret key and you can upload it to attached smart card.

Viewing the attached card details

Remember to update admin & user pin

Every time we upload a key to the smartcard, we must to change the admin & user pin.

Corresponding command line tool

Tumpa-cli is the corresponding command line tool, it has a tcli command for normal human usage. A tclig to do a drop-in replacement for git operations, and for neomutt/mutt integration. tpass command from the same is a password-store replacement.

Apple Mail extension

We have an Apple Mail Extension built for Tahoe https://github.com/tumpaproject/tumpa_mail_extension/releases it works along with tumpa-cli.