Confidential Howto
Revision as of 12:40, 17 August 2007 by Stillflame (talk | contribs) (started the howto on using gpg to view confidential information file)
Howto look at the confidential information
- make sure you are an accepted member of the list of authorized people, and therefore belong to the appropriate svn group and have access to the confidential information gpg key
- make sure you understand the proper handling of both the gpg key and the actual confidential information
- this implies that you do all of the following on a computer you have reasonable trust in
- that does not include ryukin or any other public server at freegeek
- check for van Eck Phreakers in the immediate area
- just in case, wrap your head in aluminum foil to prevent them from stealing your password
- svn co svn+ssh://svn.freegeek.org/svn/freegeek_confidential
- cd freegeek_confidential
- gpg -d < passwords
- read it in your terminal
- make sure you close your terminal
- make sure you delete any copy you make of the decrypted information
Howto change the confidential information
- review the security notes from the previous section
- gpg -d < passwords > new_passwords
- edit new_passwords
- gpg -se < new_passwords > passwords
- rm new_passwords
Howto handle a compromise of this security
whether because of mishandled keys, staffing changes, or malicious attack, there will come a time when this information will need to have a "change of guards".
- change all the passwords at each of the places listed
- gpg --gen-key
- gpg -se < new_passwords > passwords
- rm new_passwords
- gpg --export 8ae62f03 > key
- gpg --export-secret-keys 8ae62f03 > secret_key
- very carefully redistribute the new key