
Version 11 (modified by Jamie McClelland, 9 years ago)


MFPL Shared Keyring


MFPL uses an OpenPGP-encrypted file, shared via git, to store root and encrypted-disk passphrases.

To help us securely read existing keys and create new ones, we use a program called keyringer.

Members of the support team can access the keys by following these steps:

  • Check out the keyringer software:
    git clone git://git.sarava.org/keyringer.git
    
  • Edit ~/.bashrc and add the following line, which appends the keyringer checkout to your bash $PATH variable (replace "/path/to/keyringer" with the directory you cloned into):
    export PATH="$PATH:/path/to/keyringer"
    
  • Source your ~/.bashrc so the new $PATH takes effect in your current shell:
    source ~/.bashrc
    
  • Initialize the MFPL keyringer. Replace "/path/to/keys" with the path where you want to check out the MFPL keyring in your filesystem:
    keyringer mfpl init /path/to/keys gitosis@git.mayfirst.org:mfpl/keys
    
  • Before you can successfully run the script, you must have all of the people listed in "config/recipients" in your gpg keyring. To double check, you can run:
    # find your gpg key id with
    gpg --list-secret-keys
    gpg --list-sigs $YOURGPGID
    
    and compare it against the list of people in the recipients file. Since the recipients file contains key fingerprints, you can fetch any missing key from a keyserver like so, replacing $KEYFINGERPRINT with the actual fingerprint you are missing:
    gpg --recv-keys $KEYFINGERPRINT
    
  • Create a symlink in your bin directory to the pass script that lives in the keys directory:
    ln -s /path/to/keys/pass ~/bin/
    
  • Use the bash wrapper script in the MFPL keyringer directory to search for keys. For example, to find the passphrase for assata:
    pass assata
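The recipients check above is easy to get wrong by eye, so here is a script that compares the fingerprints in a recipients file against what gpg actually has. It is an added example, not part of this page or of keyringer itself; it assumes the recipients file lists one "email fingerprint" per line, that "#" starts a comment, that fingerprints are written as 40 hex digits without spaces, and that the file lives at config/recipients/default under the keys checkout.

```shell
#!/bin/sh
# Report recipients from a keyringer recipients file whose public key is not
# in the local GnuPG keyring. Assumed format (not taken from the page): one
# "email fingerprint" per line, "#" starts a comment, 40 hex digits, no spaces.

# Print the fingerprints listed in a recipients file, one per line,
# uppercased, ignoring comments and blank lines.
recipient_fingerprints() {
    sed -e 's/#.*//' "$1" \
      | awk 'NF >= 2 { print $NF }' \
      | tr '[:lower:]' '[:upper:]' \
      | grep -E '^[0-9A-F]{40}$'
}

# Print the primary-key fingerprints of all public keys in the local keyring.
# In --with-colons output the "fpr" record that follows a "pub" record carries
# the primary fingerprint in field 10; "fpr" records after "sub" are subkeys.
local_fingerprints() {
    gpg --list-keys --with-colons --with-fingerprint 2>/dev/null \
      | awk -F: '$1 == "pub" { want = 1; next }
                 $1 == "fpr" && want { print $10; want = 0 }'
}

# Usage: missing_recipients RECIPIENTS_FILE [KNOWN_FILE]
# Print every recipient fingerprint absent from KNOWN_FILE (one fingerprint
# per line; defaults to the local keyring). Returns 0 when every recipient is
# present and 1 otherwise, so it can gate "keyringer mfpl init" in a script.
missing_recipients() {
    recipients="$1"
    known="$2"
    cleanup=""
    if [ -z "$known" ]; then
        known=$(mktemp) && cleanup="$known"
        local_fingerprints > "$known"
    fi
    # grep -vxF: keep only lines that match no known fingerprint exactly.
    missing=$(recipient_fingerprints "$recipients" | grep -vxF -f "$known" || true)
    if [ -n "$cleanup" ]; then rm -f "$cleanup"; fi
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Example (path assumed): missing_recipients /path/to/keys/config/recipients/default
# Each fingerprint it prints can then be fetched with: gpg --recv-keys FPR
```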