Confidential Howto

How to look at the confidential information

• Make sure you are an accepted member of the list of authorized people, and therefore belong to the appropriate svn group and have access to the confidential information gpg key.
• Make sure you understand the proper handling of both the gpg key and the actual confidential information.
• This implies that you do all of the following on a computer you have reasonable trust in.
• That does not include Free Geek's internal application server or any other public server at Free Geek.
• Check for van Eck Phreakers in the immediate area.
• Just in case, wrap your head in aluminum foil to prevent them from stealing your password.
• svn co svn+ssh://svn.freegeek.org/svn/freegeek_confidential
• cd freegeek_confidential
• gpg -d < passwords
• gpg will ask you for a password. Type it in.
• Read the passwords in your terminal.
• Make sure you close your terminal.
• Make sure you delete any copy you make of the decrypted information.

How to change the confidential information

• Review the security notes from the previous section.
• gpg -d < passwords > to_edit
  • "-d" is for decrypt
  • gpg will ask you for a password. type it in
• Edit to_edit
• gpg -se < to_edit > passwords
  • "-se" is for sign and encrypt
  • gpg will ask you for a password. type it in
  • gpg may ask you if you should use this key even though you don't know it is someone. say yes.
  • gpg will ask you who to encrypt it for. type "staff", hit enter, then hit enter when it repeats the question again
• rm to_edit
• svn commit

How to handle a compromise of this security

Whether because of mishandled keys, staffing changes, or malicious attack, there will come a time when this information will need to have a "change of guards".

• Change all the passwords at each of the places listed.
• gpg --gen-key
• gpg -se < new_passwords > passwords
• rm new_passwords
• gpg --export 8ae62f03 > key
• gpg --export-secret-keys 8ae62f03 > secret_key
• Very carefully redistribute the new key.