
Version 6 (modified by Nat Meysenburg, 9 years ago)


MFPL Shared Keyring


MFPL uses an OpenPGP-encrypted file, shared via git, to store root and encrypted-disk passphrases.

To help us securely read and create new keys, we use a program called keyringer.

Members of the support team can access the keys by following these steps:

  • Check out the keyringer software:
    git clone git://git.sarava.org/keyringer.git
    
  • Edit ~/.bashrc and add the following line, which appends the keyringer checkout to your bash $PATH variable:
    export PATH="$PATH:/path/to/keyringer"
    
  • Source your ~/.bashrc so the change takes effect in your current shell:
    source ~/.bashrc
    
  • Initialize the MFPL keyringer. Replace "/path/to/keys" with the path where you want to check out the MFPL keyring in your filesystem:
    keyringer mfpl init /path/to/keys gitosis@git.mayfirst.org:mfpl/keys
    
  • Before you can successfully run the script, you must have the keys of all the people listed in "config/recipients" in your gpg keyring. To double-check, you can run:
    gpg --list-sigs $YOURGPGID
    
    and compare it against the list of people in the recipients file. Since the recipients file contains key fingerprints, you can fetch all the missing keys from it like so:
    gpg --recv-keys $KEYFINGERPRINTS
    
  • Use the bash wrapper script in the MFPL keyringer directory to search for keys. For example, to find the passphrase for assata:
    ./pass assata
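The recipients check above is easy to get wrong by eye when the list is long. The following script is an added example, not part of keyringer or of the MFPL wiki; it pulls the fingerprints out of a keyringer recipients file and reports the ones that are not in your local GnuPG keyring. It assumes the recipients file has one "<label> <fingerprint or long key id>" entry per line with "#" starting a comment (the keyringer format as I know it), and that `gpg` is on your PATH; the function and file names are mine.

```shell
#!/usr/bin/env bash
# Added example (not from the keyringer project or the MFPL wiki): compare the
# key identifiers listed in a keyringer recipients file against the keys
# present in the local GnuPG keyring and print the ones that are missing.
# Assumed recipients format: "<label> <fingerprint-or-keyid>" per line,
# blank lines and lines starting with '#' ignored.
set -u

# Print the key identifier (second whitespace-separated field) of every
# non-blank, non-comment line, uppercased so it matches gpg's output.
recipient_fprs() {
  awk '!/^[[:space:]]*(#|$)/ { print toupper($2) }' "$1"
}

# Read wanted identifiers from stdin; print those not found in the file of
# present fingerprints. A suffix match is used so that a long key id in the
# recipients file still matches a full 40-hex-digit fingerprint.
missing_fprs() {
  local present_file="$1" fpr
  while IFS= read -r fpr; do
    [ -n "$fpr" ] || continue
    if ! grep -qi -- "${fpr}\$" "$present_file"; then
      printf '%s\n' "$fpr"
    fi
  done
}

# Fingerprints of all public keys in the local keyring, taken from gpg's
# machine-readable colon output ("fpr" records carry the fingerprint in
# field 10).
local_fprs() {
  gpg --batch --with-colons --fingerprint --list-keys 2>/dev/null \
    | awk -F: '$1 == "fpr" { print $10 }'
}

# Report recipients whose keys are absent from the local keyring.
check_recipients() {
  local recipients="$1" present
  present=$(mktemp)
  local_fprs > "$present"
  recipient_fprs "$recipients" | missing_fprs "$present"
  rm -f "$present"
}

# Usage: ./check_recipients.sh /path/to/keys/config/recipients/default
if [ "$#" -ge 1 ]; then
  check_recipients "$1"
fi
```

Each line of output is a fingerprint you still need, so `check_recipients /path/to/keys/config/recipients/default | xargs gpg --recv-keys` fetches exactly the missing keys. Verify each fetched key's fingerprint against a trusted source before relying on it; a keyserver lookup only proves that some key with that id exists.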