Difference between revisions of "Confidential Howto"

From FreekiWiki
Line 22: Line 22:
 
* gpg -se < to_edit > passwords
 
* gpg -se < to_edit > passwords
 
* gpg will ask you for a password.  type it in
 
* gpg will ask you for a password.  type it in
* gpg will ask you if you should use this key even though you don't know it is someone.  say yes.
+
* gpg may ask you if you should use this key even though you don't know it is someone.  say yes.
* rm new_passwords
+
* gpg will ask you who to encrypt it for.  type "staff", hit enter, then hit enter when it repeats the question again
 +
* rm to_edit
 +
* svn commit
  
 
==Howto handle a compromise of this security==
 
==Howto handle a compromise of this security==
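Review bot: The reworded line "gpg may ask you if you should use this key ... say yes" still tells editors to override gpg's key-ownership warning, which is the only check that the file is being encrypted to the real staff key; the step should instead have each authorized person verify the key's fingerprint once and mark it trusted locally, so the prompt never appears and an unexpected prompt becomes a reason to stop. The added recipient step depends on an interactive prompt that is easy to mistype; naming the recipient on the command line as `gpg -se -r staff < to_edit > passwords` removes it. The added `rm to_edit` only unlinks the plaintext, so it is worth saying where to_edit may live (not inside the svn working copy, where a stray `svn add` would commit it) and that it should be overwritten or kept on a RAM-backed filesystem.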

Revision as of 13:13, 17 August 2007

Howto look at the confidential information

  • make sure you are an accepted member of the list of authorized people, and therefore belong to the appropriate svn group and have access to the confidential information gpg key
  • make sure you understand the proper handling of both the gpg key and the actual confidential information
  • this implies that you do all of the following on a computer you have reasonable trust in
  • that does not include ryukin or any other public server at freegeek
  • check for van Eck Phreakers in the immediate area
  • just in case, wrap your head in aluminum foil to prevent them from stealing your password
  • svn co svn+ssh://svn.freegeek.org/svn/freegeek_confidential
  • cd freegeek_confidential
  • gpg -d < passwords
  • gpg will ask you for a password - type it in
  • read the passwords in your terminal
  • make sure you close your terminal
  • make sure you delete any copy you make of the decrypted information

Howto change the confidential information

  • review the security notes from the previous section
  • gpg -d < passwords > to_edit
  • gpg will ask you for a password. type it in
  • edit to_edit
  • gpg -se < to_edit > passwords
  • gpg will ask you for a password. type it in
  • gpg may ask whether to use this key even though it cannot confirm who the key belongs to. say yes.
  • gpg will ask you who to encrypt it for. type "staff", hit enter, then hit enter when it repeats the question again
  • rm to_edit
  • svn commit
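
The edit steps above, wrapped in one shell function so the decrypted copy is removed on every exit path. This is an added example, not part of the wiki page: the function name `edit_confidential` is hypothetical, and it assumes /dev/shm is RAM-backed (true on most Linux systems) and that you run it inside the freegeek_confidential checkout.

```shell
#!/bin/sh
# Added example (not from the wiki page). edit_confidential is a hypothetical name.
#
# edit_confidential FILE RECIPIENT
#   Decrypt FILE into a private scratch directory, open it in $EDITOR,
#   sign and re-encrypt it for RECIPIENT, then replace FILE.
#   The body runs in a subshell so the EXIT trap fires when it finishes.
edit_confidential() (
    file=$1
    recipient=$2
    umask 077                      # scratch files readable by the owner only

    # Assumption: /dev/shm is RAM-backed, so the plaintext never reaches disk.
    base=/tmp
    [ -d /dev/shm ] && [ -w /dev/shm ] && base=/dev/shm
    work=$(mktemp -d "$base/confidential.XXXXXX") || exit 1

    # Remove the plaintext whether we finish, fail, or get interrupted.
    trap 'rm -rf "$work"' EXIT
    trap 'exit 130' INT TERM HUP

    gpg -d < "$file" > "$work/to_edit" || exit 1
    "${EDITOR:-vi}" "$work/to_edit" || exit 1

    # -r names the recipient up front, so gpg does not prompt for it.
    # Encrypt to a scratch file first: "gpg -se < to_edit > passwords"
    # truncates passwords before gpg runs, so a failed or cancelled
    # gpg would leave an empty passwords file behind.
    gpg -se -r "$recipient" < "$work/to_edit" > "$work/new" || exit 1
    [ -s "$work/new" ] || exit 1
    cat "$work/new" > "$file"
)

# Usage, from inside the checkout:
#   edit_confidential passwords staff && svn commit
```

If gpg or the editor fails, the function returns non-zero and passwords is left exactly as it was, so chaining `svn commit` with `&&` never commits a damaged file.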

Howto handle a compromise of this security

Whether because of mishandled keys, staffing changes, or malicious attack, there will come a time when this information will need a "change of guards".

  • change all the passwords at each of the places listed
  • gpg --gen-key
  • gpg -se < new_passwords > passwords
  • rm new_passwords
  • gpg --export 8ae62f03 > key
  • gpg --export-secret-keys 8ae62f03 > secret_key
  • very carefully redistribute the new key