Difference between revisions of "Confidential Howto"
Jump to navigation
Jump to search
m (spelling) |
|||
Line 39: | Line 39: | ||
* gpg --export-secret-keys 8ae62f03 > secret_key | * gpg --export-secret-keys 8ae62f03 > secret_key | ||
* ''Very carefully'' redistribute the new key. | * ''Very carefully'' redistribute the new key. | ||
+ | |||
+ | [[Category: Procedures]] |
Revision as of 13:42, 6 July 2010
How to look at the confidential information
- Make sure you are an accepted member of the list of authorized people, and therefore belong to the appropriate svn group and have access to the confidential information gpg key.
- Make sure you understand the proper handling of both the gpg key and the actual confidential information.
- This implies that you do all of the following on a computer you have reasonable trust in.
- That does not include ryukin or any other public server at Free Geek.
- Check for van Eck Phreakers in the immediate area.
- Just in case, wrap your head in aluminum foil to prevent them from stealing your password.
- svn co svn+ssh://svn.freegeek.org/svn/freegeek_confidential
- cd freegeek_confidential
- gpg -d < passwords
- gpg will ask you for a password. Type it in.
- Read the passwords in your terminal.
- Make sure you close your terminal.
- Make sure you delete any copy you make of the decrypted information.
How to change the confidential information
- Review the security notes from the previous section.
- gpg -d < passwords > to_edit
- "-d" is for decrypt
- gpg will ask you for a password. type it in
- Edit to_edit
- gpg -se < to_edit > passwords
- "-se" is for sign and encrypt
- gpg will ask you for a password. type it in
- gpg may ask you if you should use this key even though you don't know it is someone. say yes.
- gpg will ask you who to encrypt it for. type "staff", hit enter, then hit enter when it repeats the question again
- rm to_edit
- svn commit
How to handle a compromise of this security
Whether because of mishandled keys, staffing changes, or malicious attack, there will come a time when this information will need to have a "change of guards".
- Change all the passwords at each of the places listed.
- gpg --gen-key
- gpg -se < new_passwords > passwords
- rm new_passwords
- gpg --export 8ae62f03 > key
- gpg --export-secret-keys 8ae62f03 > secret_key
- Very carefully redistribute the new key.