Difference between revisions of "Confidential Howto"
Stillflame (talk | contribs) |
Line 18: | Line 18: | ||
* review the security notes from the previous section | * review the security notes from the previous section | ||
* gpg -d < passwords > to_edit | * gpg -d < passwords > to_edit | ||
− | * gpg will ask you for a password. type it in | + | ** "-d" is for decrypt |
+ | ** gpg will ask you for a password. type it in | ||
* edit to_edit | * edit to_edit | ||
* gpg -se < to_edit > passwords | * gpg -se < to_edit > passwords | ||
− | * gpg will ask you for a password. type it in | + | ** "-se" is for sign and encrypt |
− | * gpg may ask you if you should use this key even though you don't know it is someone. say yes. | + | ** gpg will ask you for a password. type it in |
− | * gpg will ask you who to encrypt it for. type "staff", hit enter, then hit enter when it repeats the question again | + | ** gpg may ask you if you should use this key even though you don't know it is someone. say yes. |
+ | ** gpg will ask you who to encrypt it for. type "staff", hit enter, then hit enter when it repeats the question again | ||
* rm to_edit | * rm to_edit | ||
* svn commit | * svn commit |
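Review bot: the nested item under "gpg -se < to_edit > passwords" that ends in "say yes" tells editors to accept gpg's key-ownership warning without checking anything. Suggest replacing it with a step to compare the "staff" key fingerprint against a trusted copy, or to sign the key locally once, so the prompt no longer appears. The same step deserves one more sub-bullet: the shell truncates passwords before gpg starts, so a mistyped password or a cancelled recipient prompt leaves an empty file that the following "svn commit" would check in. Writing to a new file and renaming it on success avoids that. The added "-d" and "-se" explanations are fine as written.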
Revision as of 13:23, 17 August 2007
Howto look at the confidential information
- make sure you are an accepted member of the list of authorized people, and therefore belong to the appropriate svn group and have access to the confidential information gpg key
- make sure you understand the proper handling of both the gpg key and the actual confidential information
- this implies that you do all of the following on a computer you have reasonable trust in
  - that does not include ryukin or any other public server at freegeek
- check for van Eck Phreakers in the immediate area
- just in case, wrap your head in aluminum foil to prevent them from stealing your password
- svn co svn+ssh://svn.freegeek.org/svn/freegeek_confidential
- cd freegeek_confidential
- gpg -d < passwords
  - gpg will ask you for a password - type it in
- read the passwords in your terminal
- make sure you close your terminal
- make sure you delete any copy you make of the decrypted information
Howto change the confidential information
- review the security notes from the previous section
- gpg -d < passwords > to_edit
  - "-d" is for decrypt
  - gpg will ask you for a password. type it in
- edit to_edit
- gpg -se < to_edit > passwords
  - "-se" is for sign and encrypt
  - gpg will ask you for a password. type it in
  - gpg may ask you whether to use this key anyway, because it cannot confirm that the key belongs to the named person. say yes.
  - gpg will ask you who to encrypt it for. type "staff", hit enter, then hit enter when it repeats the question again
- rm to_edit
- svn commit
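
The edit procedure above wrapped in one shell function, as an added example that is not part of the original wiki page: it keeps the plaintext in a private temporary directory, removes it on every exit path, and replaces passwords only after gpg succeeds. The function name edit_confidential, the GPG and EDITOR overrides, and the use of "-r staff" instead of answering the recipient prompt are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page. Assumptions: the function name,
# the GPG/EDITOR overrides, and "-r staff" in place of the recipient prompt.
GPG=${GPG:-gpg}
EDITOR=${EDITOR:-vi}

# edit_confidential [FILE]: decrypt FILE (default: passwords), edit it,
# then sign and re-encrypt it. Returns non-zero and leaves FILE untouched
# if any step fails.
edit_confidential() {
    enc=${1:-passwords}
    (   # subshell: umask and traps do not leak into the caller
        umask 077                       # plaintext readable by owner only
        work=$(mktemp -d) || exit 1     # point TMPDIR at a RAM-backed fs if you have one
        # Remove the plaintext and any half-written output on every exit path.
        trap 'rm -rf "$work" "${enc}.new"' EXIT
        trap 'exit 1' INT TERM

        "$GPG" -d < "$enc" > "$work/to_edit" || exit 1
        "$EDITOR" "$work/to_edit" || exit 1

        # "gpg -se < to_edit > passwords" truncates passwords before gpg runs,
        # so a failed run would leave it empty. Write beside it and rename.
        "$GPG" -se -r staff < "$work/to_edit" > "${enc}.new" || exit 1
        [ -s "${enc}.new" ] || exit 1
        mv "${enc}.new" "$enc"
    )
}
```

Call edit_confidential from inside the freegeek_confidential working copy, then svn commit as before.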
Howto handle a compromise of this security
Whether because of mishandled keys, staffing changes, or malicious attack, there will come a time when this information will need to have a "change of guards".
- change all the passwords at each of the places listed
- gpg --gen-key
- gpg -se < new_passwords > passwords
- rm new_passwords
- gpg --export 8ae62f03 > key
- gpg --export-secret-keys 8ae62f03 > secret_key
- very carefully redistribute the new key