Blackbox: Difference between revisions
Latest revision as of 18:54, 13 May 2026
Blackbox
https://github.com/StackExchange/blackbox
Installation
# git clone ssh://git@github.com/StackExchange/blackbox
git clone https://github.com/StackExchange/blackbox
cd blackbox
sudo make copy-install
Installs to /usr/local/bin
Import keyring
gpg2 --keyring keyrings/live/pubring.kbx --export | gpg2 --import
or
gpg --keyring .blackbox/pubring.kbx --export | gpg --import
GPG=gpg2 blackbox_update_all_files
ref: https://github.com/StackExchange/blackbox/issues/184
Trust all keys
# The "-E" makes this work with both GNU sed and OS X sed
gpg --list-keys --fingerprint --with-colons | sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' | gpg --import-ownertrust
gpg --export-ownertrust | sed 's/:.*/:5:/' | gpg --import-ownertrust
echo -e "5\ny\n" | gpg --homedir . --command-fd 0 --expert --edit-key user@example.com trust
gpg --import <user-id.keyfile>
fpr=`gpg --with-colons --fingerprint <user-id> |awk -F: '$1 == "fpr" {print$10; exit}'`
gpg --export-ownertrust && echo $fpr:6: |gpg --import-ownertrust
Trust very last added key ultimately:
gpg --list-keys --fingerprint \
| grep ^pub -A 1 \
| tail -1 \
| tr -d ' ' \
| awk 'BEGIN { FS = "\n" } ; { print $1":6:" }' \
| gpg --import-ownertrust
Trust very last added key fully:
gpg --list-keys --fingerprint \
| grep ^pub -A 1 \
| tail -1 \
| tr -d ' ' \
| awk 'BEGIN { FS = "\n" } ; { print $1":5:" }' \
| gpg --import-ownertrust
Trust all keys ultimately: (my version of the above)
gpg --list-keys --fingerprint \
| grep ^pub -A 1 \
| grep -v "^pub" \
| grep -v "^--" \
| sed 's/ //g' \
| awk 'BEGIN { FS = "\n" } ; { print $1":6:" }' \
| gpg --import-ownertrust
Note: if you want to trust all keys fully, you will need something like this that excludes your own key:
Trust all keys fully: (excluding my own key - grep -v "XXXXXXXX")
gpg --list-keys --fingerprint \
| grep ^pub -A 1 \
| grep -v "^pub" \
| grep -v "^--" \
| sed 's/ //g' \
| grep -v "XXXXXXXX..." \
| awk 'BEGIN { FS = "\n" } ; { print $1":5:" }' \
| gpg --import-ownertrust
ref: https://stackoverflow.com/questions/13116457/how-to-make-auto-trust-gpg-public-key
--import-ownertrust
Update the trustdb with the ownertrust values stored in files (or STDIN if not given); existing values will
be overwritten. In case of a severely damaged trustdb and if you have a recent backup of the ownertrust values
(e.g. in the file ‘otrust.txt’), you may re-create the trustdb using these commands:
cd ~/.gnupg
rm trustdb.gpg
gpg --import-ownertrust < otrust.txt
In the interactive trust menu of gpg --edit-key, the levels are:
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
In the ownertrust record, the TRUST field is offset by one from the menu number, so add one:
5 - fully
6 - Ultimate
Sample:
#### UID:TRUST:
51D8B1B5661C40BB39B8569F07272E36344B7F9D:6:
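An added example that is not code from the Blackbox project or from the original page. It covers both the "Trust all keys" pipelines above and the menu-versus-record numbering: it builds ownertrust records from gpg's colon-format listing instead of the human-readable one, takes only the fingerprint that follows a pub record (a listing produced with --fingerprint may also carry fpr records for subkeys, and ownertrust is keyed on the primary key), maps the menu level to the record value, and excludes one key by its exact fingerprint rather than the partial grep -v match used above. The listing, key IDs, fingerprints and MY_FPR are constructed values; menu_to_record, ownertrust_records and records_for_others are names chosen for this example.

```shell
#!/bin/sh
# Added example, not part of the Blackbox project or of the original page.
# Builds ownertrust records ("FINGERPRINT:TRUST:") for gpg --import-ownertrust
# from the machine-readable listing `gpg --list-keys --with-colons --fingerprint`.
set -e

# Map a number from the interactive trust menu (gpg --edit-key ... trust, 1-5)
# to the TRUST field used in ownertrust records (2-6): the record value is
# always the menu number plus one.
menu_to_record() {
  case "$1" in
    1) echo 2 ;;  # I don't know or won't say
    2) echo 3 ;;  # I do NOT trust
    3) echo 4 ;;  # I trust marginally
    4) echo 5 ;;  # I trust fully
    5) echo 6 ;;  # I trust ultimately
    *) echo "menu_to_record: invalid menu value '$1'" >&2; return 1 ;;
  esac
}

# Read a colon-format key listing on stdin and print one "FPR:TRUST:" record
# per primary key.  $1 is the record TRUST value (5 = full, 6 = ultimate);
# $2 is an optional full fingerprint to leave out (your own key, which is
# already ultimately trusted).  Only the fpr record that directly follows a
# pub record is used; fpr records that follow sub/ssb records belong to
# subkeys and are skipped.
ownertrust_records() {
  awk -F: -v trust="$1" -v skip="${2:-}" '
    $1 == "pub"                { want = 1; next }
    $1 == "sub" || $1 == "ssb" { want = 0; next }
    $1 == "fpr" && want        { want = 0; if ($10 != skip) print $10 ":" trust ":" }
  '
}

# Constructed sample listing (two primary keys, each with one encryption
# subkey).  Key IDs and fingerprints are made up for the example.
SAMPLE_LISTING='tru::1:1700000000:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1700000000::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1700000000::0000000000000000000000000000000000000000::Alice Admin <alice@example.invalid>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1700000000::::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
pub:f:4096:1:89ABCDEF01234567:1700000000::f:::scESC::::::23::0:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
uid:f::::1700000000::0000000000000000000000000000000000000000::Bob Builder <bob@example.invalid>::::::::::0:
sub:f:4096:1:10FEDCBA98765432:1700000000::::::e::::::23:
fpr:::::::::10FEDCBA9876543210FEDCBA9876543210FEDCBA:'

# Constructed: the fingerprint of "my own" key, which must not be re-trusted.
MY_FPR=0123456789ABCDEF0123456789ABCDEF01234567

# Records that would be piped into gpg --import-ownertrust to trust every
# other admin's key fully (menu level 4 -> record value 5), skipping my own.
records_for_others() {
  printf '%s\n' "$SAMPLE_LISTING" | ownertrust_records "$(menu_to_record 4)" "$MY_FPR"
}

records_for_others

# Against a real keyring the same pipeline is:
#   gpg --list-keys --with-colons --fingerprint \
#     | ownertrust_records "$(menu_to_record 4)" "$MY_FPR" \
#     | gpg --import-ownertrust
# As the man page excerpt below states, --import-ownertrust overwrites the
# existing value for each listed key, so run gpg --export-ownertrust first if
# you want a copy of the previous trust assignments.
```

The awk program relies on the record order gpg emits (pub, fpr, uid..., sub, fpr) rather than on fixed line positions, which is what makes it safer than the grep/tail pipelines above when a key has several subkeys.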
Email with multiple keys
My team has found a workaround for now with this issue. We are putting the key ID in the admin file, and putting a comment on the same line with the user email. Example: ABC12345 # admin@admin.com
ref: https://github.com/StackExchange/blackbox/issues/199
Importing gpg
To trust your fellow admin, locally sign their key (lsign) and save:
gpg --edit-key [ID] lsign save
blackbox_check
/usr/local/bin/blackbox_check
#!/bin/bash
# Report every file registered in blackbox that has no encrypted .gpg copy on disk
echo "== Checking Blackbox Files =="
blackbox_list_files | while IFS= read -r line ; do
    # quote the path so names with spaces are tested as one file
    if [ ! -e "${line}.gpg" ] ; then
        echo "MISSING: ${line}"
    fi
done
/usr/local/bin/blackbox_check_reverse
#!/bin/bash
# Report every *.gpg file in the tree that is not registered in blackbox.
# Pass "debug" as the first argument to also list the files that are registered.
if [ "$1" == "debug" ] ; then debug=true ; else debug=false ; fi
echo "== Checking Files against Blackbox =="
echo "=== MISSING GPG FILES FROM BLACKBOX ==="
tmp=$(mktemp)
blackbox_list_files > "$tmp"
# -printf "%P" is GNU find: it prints the path relative to the starting point
find . -not -path "./.blackbox/*" -iname "*.gpg" -printf "%P\n" | while IFS= read -r line ; do
    filename="${line%.gpg}"    # strip the .gpg suffix literally, not as a regex
    # exact, literal, whole-line match so "foo.txt" does not also match "foo.txt.bak"
    if ! grep -qxF -- "$filename" "$tmp" ; then
        echo "$line"
    elif $debug ; then
        echo "OK: $line"
    fi
done
rm -f "$tmp"