Inkscape Credentials Repository
-------------------------------

This repository is for secure sharing of credentials between members of
the Inkscape community.

The two things you'll need to know are Bazaar and GPG.  This document
provides paint-by-numbers directions for both.


1. Install Bazaar and GPG:
==========================
Debian/Ubuntu:

    % sudo apt-get install bzr
    % sudo apt-get install gnupg

OS X (using MacPorts):

    % sudo port install -v gnupg
    % sudo port install -v bzr


2. Checking out the Credentials Repository:
===========================================
    % bzr branch lp:~inkscape.dev/inkscape/credentials
    % cd credentials


3. Creating Your Own GPG Key:
=============================
Easy enough!  The following command will ask for the info it needs to
make the key.  Pick RSA with a key length of 4096 bits, and be very
careful to set a unique GPG passphrase that you're not using anywhere
else:

    % gpg --gen-key

After it's done, you can view your keys:

    % gpg --list-keys

    pub   1024D/F2345678 2010-01-01
    uid                  Foo Bar <foo@bar.org>
    sub   2048g/B9876543 2010-01-01

Your <keyid> is the bit on the pub line following the slash, in this
case 'F2345678'.

You can print out your key with this command:

    % gpg --export -a <keyid>


4. Registering your GPG key:
============================
Next, pick a user ID for yourself.  You can use whatever you'd like:
your Launchpad ID, the first part of your email address, or your IRC
nick... whatever you think others will most easily recognize as you.

Knowing your userid and your keyid from above, you can now enter your
gpg key into the system.

    % mkdir -p people/<userid>
    % gpg --export -a <keyid> | tee people/<userid>/gpg.key
    % bzr add people/<userid>/gpg.key
    % bzr commit -m "Add my gpg key"
    % bzr push


5. Request Credentials Access:
==============================
Now that you're registered, you can see about gaining access to the
credentials you need.

To see what credentials are available:

    % ls -1 credentials/
    kickstarter.gpg
    twitter.gpg
    ...

Then, see who to ask for access:

    % bzr log credentials/kickstarter.gpg  | grep committer
    committer: bryce <bryce@ubuntu.com>
    committer: bryce <bryce@canonical.com>

As a general rule, the first person in this list will be the one to ask
first.  If you don't get a response within a day or two, try the next
person.


6. Listing Who Can Access Credentials:
======================================
Use the list-credentials script to see who has access for each of the
credentials files:

    % list-credentials
    twitter
          "John Doe <john@gmail.com>"
          "Jane Jones (http://jane.jones.com) <jane@jones.com>"


7. Viewing Credentials:
=======================
Once you've been added to the system, you can view your allowed
credentials via:

    % gpg --decrypt credentials/<file>.gpg


8. Adding Others to Your Keyring:
=================================
To grant others access to credentials, you need to add their GPG keys
to your local keyring:

    % gpg --import people/*/gpg.key


9. Adding New Credentials:
==========================
Using emacs, vim, or another GPG-enabled editor, open a new encrypted
text file 'credentials/<service>.gpg':

    % emacs credentials/foobar.gpg

Use the following style for the contents of this file:

    Application:    <Service or Application Name>
    URL:            <url>
    Username:       <username>
    Password:       <password>

Once you've filled it out, save the file.  You should be prompted at
this point to select the people whom you want to share the credentials
with.  For instance, in emacs you mark the lines using the 'm' key.


10. Modifying Credentials:
==========================
Using emacs, vim or other gpg-enabled editors you can just directly edit
the appropriate credential file:

    % emacs credentials/twitter.gpg

You'll be prompted for your own gpg password.  To select recipient keys,
run the command:

    M-x epa-file-select-keys

Unfortunately, this doesn't appear to automatically select the existing
recipients, so you'll need to re-mark all of them again.  [TODO: We need
a better tool for this...]  Don't forget to mark yourself too!

Select the [OK] button to exit out of the key selection window.  You'll
need to force emacs to re-save the file; I usually type a letter and
then delete it, then save and exit.
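
One way to avoid re-marking recipients by hand, and to check who a file
is encrypted to (sections 6 and 10), is to read the recipient key IDs
from the file's own packets. This is an added example, not a script from
this repository; the function names and the sample key IDs are made up.

```shell
#!/bin/sh
# Added example; not part of the Inkscape credentials repository.

# Constructed sample of `gpg --list-packets` output for a file encrypted
# to two recipients (the key IDs are made up).
sample_packets() {
    cat <<'EOF'
# off=0 ctb=85 tag=1 hlen=3 plen=524
:pubkey enc packet: version 3, algo 1, keyid 2222222222222222
    data: [4095 bits]
# off=527 ctb=85 tag=1 hlen=3 plen=524
:pubkey enc packet: version 3, algo 1, keyid 1111111111111111
    data: [4096 bits]
# off=1054 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb
:encrypted data packet:
EOF
}

# Read list-packets output on stdin, print one recipient key ID per line.
recipient_keyids() {
    sed -n 's/^:pubkey enc packet:.* keyid \([0-9A-Fa-f]\{16\}\)$/\1/p' | sort -u
}

# Turn key IDs on stdin into "-r ID -r ID ..." for gpg --encrypt.
# An all-zero ID is a hidden recipient (--throw-keyids): the list cannot
# be rebuilt from the file, so fail instead of silently dropping someone.
recipient_args() {
    out=""
    while read -r id; do
        if [ "$id" = "0000000000000000" ]; then
            echo "hidden recipient present; cannot rebuild list" >&2
            return 2
        fi
        out="$out -r $id"
    done
    printf '%s\n' "${out# }"
}

# Encrypt new plaintext from stdin to the same recipients as an existing
# file. --list-only skips the decryption pass, so no passphrase is needed
# to read the recipient list. gpg resolves each ID (an encryption subkey)
# to the matching public key, which must already be in your keyring.
# Usage: <new plaintext on stdin> | reencrypt_like credentials/twitter.gpg twitter.gpg.new
reencrypt_like() {
    old=$1; new=$2
    args=$(gpg --list-only --list-packets "$old" 2>/dev/null |
           recipient_keyids | recipient_args) || return 1
    [ -n "$args" ] || { echo "no recipients found in $old" >&2; return 1; }
    # Word splitting of $args is intended here.
    gpg --output "$new" $args --encrypt
}
```

Compare the new file's recipient list with the old one before committing
it in place of the original.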


References
==========
https://enter2exit.wordpress.com/2011/03/01/managing-passwords-with-vimgpggit/