george/blackbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

README.md: Add process for updating expired keys. HT @chishaku

Browse Source
This commit is contained in:
tlimoncelli@stackoverflow.com
2016-01-21 11:06:11 -05:00
parent 63edd45499
commit f7a159d685
1 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
README.md
View File

@@ -28,6 +28,7 @@ Table of Contents
* [How to remove a user from the system?](#how-to-remove-a-user-from-the-system) * [How to remove a user from the system?](#how-to-remove-a-user-from-the-system)
* [Enabling Blackbox For a Repo](#enabling-blackbox-for-a-repo) * [Enabling Blackbox For a Repo](#enabling-blackbox-for-a-repo)
* [Set up automated users or "role accounts"](#set-up-automated-users-or-role-accounts) * [Set up automated users or "role accounts"](#set-up-automated-users-or-role-accounts)
* [Replace expired keys](#replace-expired-keys)
* [Some common errors](#some-common-errors) * [Some common errors](#some-common-errors)
* [Using Blackbox without a repo](#using-blackbox-without-a-repo) * [Using Blackbox without a repo](#using-blackbox-without-a-repo)
* [How to submit bugs or ask questions?](#how-to-submit-bugs-or-ask-questions) * [How to submit bugs or ask questions?](#how-to-submit-bugs-or-ask-questions)
@@ -681,6 +682,58 @@ rm -rf /tmp/NEWMASTER
Also shred any other temporary files you may have made. Also shred any other temporary files you may have made.
Replace expired keys:
=========================================
If any one admin's key expires, you can no longer encrypt files. You will need to replace the key
and re-encrypt.
* Step 0: You see this error:
```
$ blackbox_edit_end modified_file.txt
--> Error: can't re-encrypt because a key has expired.
```
* Step 1. Administrator removes expired user:
Warning: This process will erase any unencrypted files that you were in the process of editing. Copy them elsewhere and restore the changes when done.
```
blackbox_removeadmin expired_user@example.com
# This next command overwrites any changed unencrypted files. See warning above.
blackbox_update_all_files
git commit -m "Re-encrypt all files"
gpg --homedir=keyrings/live --delete-key expired_user@example.com
git commit -m 'Cleaned expired_user@example.com from keyring' keyrings/live/*
git push
```
* Step 2. Expired user adds an updated key:
```
git pull
blackbox_addadmin updated_user@example.com
git commit -m'NEW ADMIN: updated_user@example.com keyrings/live/pubring.gpg keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
git push
```
* Step 3. Administrator re-encrypts all files with the updated key of the expired user:
```
git pull
gpg --import keyrings/live/pubring.gpg
blackbox_update_all_files
git commit -m "Re-encrypt all files"
git push
```
* Step 4: Clean up:
Any files that were temporarily copied in the first step so as to not be overwritten can now be copied back and re-encrypted with the `blackbox_edit_end` command.
(Thanks to @chishaku for finding a solution to this problem!)
Some common errors: Some common errors:
========================================= =========================================
@@ -696,6 +749,10 @@ removed from the blackbox-admins.txt file.
to re-encrypt the file with the new key. to re-encrypt the file with the new key.
`Error: can't re-encrypt because a key has expired.` -- A user's key
has expired and can't be used to encrypt any more. Follow the
[Replace expired keys](#replace-expired-keys) tip.
Using Blackbox without a repo Using Blackbox without a repo
=========================== ===========================