Difference between revisions of "Confidential Howto"

From FreekiWiki
(started the howto on using gpg to view confidential information file)

Revision as of 11:40, 17 August 2007

Howto look at the confidential information

  • make sure you are an accepted member of the list of authorized people, and therefore belong to the appropriate svn group and have access to the confidential information gpg key
  • make sure you understand the proper handling of both the gpg key and the actual confidential information
  • this implies that you do all of the following on a computer you have reasonable trust in
  • that does not include ryukin or any other public server at freegeek
  • check for van Eck Phreakers in the immediate area
  • just in case, wrap your head in aluminum foil to prevent them from stealing your password
  • svn co svn+ssh://svn.freegeek.org/svn/freegeek_confidential
  • cd freegeek_confidential
  • gpg -d < passwords
  • read it in your terminal
  • make sure you close your terminal
  • make sure you delete any copy you make of the decrypted information

Howto change the confidential information

  • review the security notes from the previous section
  • gpg -d < passwords > new_passwords
  • edit new_passwords
  • gpg -se < new_passwords > passwords
  • rm new_passwords
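
The same decrypt, edit and re-encrypt steps wrapped in a shell function, as an added example that is not part of the original wiki page. The function name edit_confidential is hypothetical, and the example assumes $EDITOR is set (falling back to vi) and that /dev/shm, where present, is RAM-backed as on Linux. It covers two failure modes of the manual steps: the plaintext copy is removed even if a step fails or is interrupted, and a failed encryption does not truncate the existing passwords file.

```shell
#!/bin/sh
# Added example (not from the wiki): decrypt, edit and re-encrypt in one step.
# The body runs in a subshell "( ... )" so umask and traps do not leak
# into the calling shell.
edit_confidential() (
    file=${1:-passwords}
    umask 077                       # plaintext is readable by its owner only
    # Assumption: /dev/shm is RAM-backed (Linux), keeping plaintext off the disk.
    base=/tmp
    [ -d /dev/shm ] && [ -w /dev/shm ] && base=/dev/shm
    work=$(mktemp -d "$base/confidential.XXXXXX") || exit 1
    trap 'rm -rf "$work"' EXIT      # covers the "rm new_passwords" step on every exit path
    trap 'exit 130' INT TERM HUP

    gpg -d < "$file" > "$work/plain" || { echo "decrypt failed" >&2; exit 1; }
    ${EDITOR:-vi} "$work/plain" || exit 1
    # Encrypt to a scratch file first: redirecting straight to "$file" would
    # truncate the only encrypted copy before gpg has succeeded.
    gpg -se < "$work/plain" > "$work/cipher" \
        || { echo "encrypt failed; $file left unchanged" >&2; exit 1; }
    [ -s "$work/cipher" ] || exit 1
    cat "$work/cipher" > "$file"    # overwrite in place, keeping the file's mode
)
```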

Howto handle a compromise of this security

Whether because of mishandled keys, staffing changes, or malicious attack, there will come a time when this information will need to have a "change of guards".

  • change all the passwords at each of the places listed
  • gpg --gen-key
  • gpg -se < new_passwords > passwords
  • rm new_passwords
  • gpg --export 8ae62f03 > key
  • gpg --export-secret-keys 8ae62f03 > secret_key
  • very carefully redistribute the new key