Djibian is for you.

It is the operating system foopgp assembles on top of Debian , to give you back the control of your digital life: an OpenPGP identity carried by a physical key (YubiKey or NitroKey), encrypted email , an authentication that depends on no one but you, and — for members — the ability to use the djis as a means of exchange .

Djibian was also designed to run smoothly on both recent machines and old dinosaurs — it is also an excellent way to extend the life span of your computers.

Video walk-through (≈ 5 min). Related post .

Recommended path — install Djibian on a computer

1. Back up your existing data

⚠️ The Djibian installer formats the whole disk of the target machine. If it holds data you care about (photos, documents, contacts, bookmarks…), copy them to an external drive before going further.

If in doubt, take a full disk image (Clonezilla does this very well); you can extract anything you need from it later.

2. Download the Djibian ISO

http://iso.foopgp.org/djibian/latest

Expect 3 to 5 GB.

3. Prepare a USB installer

Use your usual tool — Ventoy , balenaEtcher , Rufus (Windows) or the command line dd for the more seasoned — to burn the ISO onto a USB stick of at least 8 GB.

With Ventoy you can even keep several ISOs on the same stick (very handy to manage different versions).

4. Boot the stick, try it, install it

Plug the stick in, reboot, and at the vendor logo press the boot-menu key (usually F2, F12 or Esc).

Pick Djibian live: the system starts up without touching your disk at all. You can try anything, open the browser, explore the desktop.

When you’re ready, double-click “Install Djibian”: the installation runs on its own, it takes 15 to 45 minutes depending on the speed of the hard drive.

5. First boot: let yourself be guided

The default user is unknow and its password is foopgp.

On the first reboot into your new Djibian, the djibian-onboarding application starts on its own. It walks you through — without a single command line to type — to:

• generate your digital OpenPGP identity (asymmetric-cryptography keys are then split and printed on 5 separate sheets);
• scan and load the corresponding secrets onto your physical key (YubiKey or NitroKey, provided by the association for free past 6.42 Ɉ cumulated );
• add you as a real user of the system, with your home directory configured for your OpenPGP physical key (email decryption and signing, ssh authentication, git commit signing).

The video below follows a new user through exactly that experience:

Note: if a “Warning!” (⚠️) icon shows up at the bottom right of the panel, it means security updates are available. Click the ⚠️ icon right away to launch them.

Related article: “Djibian goes live!” .

Alternative path — keep your current Linux, add our tools

You’d rather keep your Debian (≥ 13) or Ubuntu (≥ 24.04)? You can enable our repository and install only the packages that interest you.

Enable the foopgp repository

wget https://djibian.foopgp.org/debs/djibian-keyring_0.2.1_all.deb
sudo dpkg -i djibian-keyring_0.2.1_all.deb && rm djibian-keyring_0.2.1_all.deb

sudo tee /etc/apt/sources.list.d/foopgp.sources >/dev/null <<'EOF'
Types: deb
URIs: https://djibian.foopgp.org/debs/
Suites: ./
Components:
Signed-By: /usr/local/share/foopgp-archive-keyring.pgp
EOF

sudo apt update

Three packages, and you’re set

sudo apt install djibian-gpgconfig djibian-onboarding pgpid

• djibian-onboarding — the same graphical application as step 5 above. Launch it after install, follow along. The gentlest route in.

• djibian-gpgconfig — the OpenPGP settings that make daily use of a physical key smooth (sensible PIN cache, card parameters, keyserver choice).

• pgpid — the command-line version, for those who prefer. Just two commands, all-in:

  pgpid-gen      # generates your identity + N recovery shares (QR codes)
  pgpid-qrscan   # scans those QR codes and loads everything onto your physical key
  

  That simple.

Going further

• 🎓 Djibian + OpenPGP workshop — 4 hours in person, free. We start from a freshly-installed Djibian, generate your identity, configure your physical key, and verify together that everything signs / decrypts / authenticates. You walk away with a complete working chain. Upcoming sessions.

• 💬 Demonstration: an encrypted email, end-to-end.

See also: OpenPGP-secured email .

• 🔐 A single physical key for every machine on the Internet — sshwgpg, shipped in our packages, lets you hop over ssh to any machine without copying a single private key.

• 📬 Write to us — to join the mailing lists, ask a question, or come and meet us at a workshop.

Welcome home: our new world! 🌍

If you have improvements or corrections to suggest, you can contribute directly on Codeberg .