Difference between revisions of "Confidential Howto"
Jump to navigation
Jump to search
Stillflame (talk | contribs) (→Howto change the confidential information: bettered) |
Stillflame (talk | contribs) |
||
Line 22: | Line 22: | ||
* gpg -se < to_edit > passwords | * gpg -se < to_edit > passwords | ||
* gpg will ask you for a password. type it in | * gpg will ask you for a password. type it in | ||
− | * gpg | + | * gpg may ask you if you should use this key even though you don't know it is someone. say yes. |
− | * rm | + | * gpg will ask you who to encrypt it for. type "staff", hit enter, then hit enter when it repeats the question again |
+ | * rm to_edit | ||
+ | * svn commit | ||
==Howto handle a compromise of this security== | ==Howto handle a compromise of this security== |
Revision as of 13:13, 17 August 2007
Howto look at the confidential information
- make sure you are an accepted member of the list of authorized people, and therefore belong to the appropriate svn group and have access to the confidential information gpg key
- make sure you understand the proper handling of both the gpg key and the actual confidential information
- this implies that you do all of the following on a computer you have reasonable trust in
- that does not include ryukin or any other public server at freegeek
- check for van Eck Phreakers in the immediate area
- just in case, wrap your head in aluminum foil to prevent them from stealing your password
- svn co svn+ssh://svn.freegeek.org/svn/freegeek_confidential
- cd freegeek_confidential
- gpg -d < passwords
- gpg will ask you for a password - type it in
- read the passwords in your terminal
- make sure you close your terminal
- make sure you delete any copy you make of the decrypted information
Howto change the confidential information
- review the security notes from the previous section
- gpg -d < passwords > to_edit
- gpg will ask you for a password. type it in
- edit to_edit
- gpg -se < to_edit > passwords
- gpg will ask you for a password. type it in
- gpg may ask you if you should use this key even though you don't know it is someone. say yes.
- gpg will ask you who to encrypt it for. type "staff", hit enter, then hit enter when it repeats the question again
- rm to_edit
- svn commit
Howto handle a compromise of this security
whether because of mishandled keys, staffing changes, or malicious attack, there will come a time when this information will need to have a "change of guards".
- change all the passwords at each of the places listed
- gpg --gen-key
- gpg -se < new_passwords > passwords
- rm new_passwords
- gpg --export 8ae62f03 > key
- gpg --export-secret-keys 8ae62f03 > secret_key
- very carefully redistribute the new key