Skip to content

Blackbox GPG Key

Service Name: GNU Privacy Guard (GPG)

Service Description: GNU Privacy Guard (GPG) is a free implementation of the OpenPGP standard that allows users to encrypt and sign data and communications. Blackbox is a tool that uses GPG to encrypt secrets that can be stored in version control.

Service Address: https://gnupg.org/ (for GPG) and https://github.com/StackExchange/blackbox (for Blackbox)

Validation Type: NHI Enriched

IP Allow list: Does not exist

Secret Access Scope: Grants ability to decrypt files encrypted with the corresponding public key. In the context of Blackbox, it allows access to sensitive files stored in version control systems.

Secret Revokement URL: https://www.gnupg.org/gph/en/manual/c14.html

Secret Example:

Suspicious Activity Investigation Instructions:

  • Check version control history to see who has accessed or modified encrypted files
  • Review system logs for unauthorized GPG key usage.
  • Examine commit history to identify any unauthorized changes to .blackbox configuration files.
  • Check for unexpected decryption of sensitive files
  • Monitor for unauthorized additions of new GPG keys to the keyring

Mitigation Instructions:

  • Revoke the compromised GPG key using gpg --gen-revoke [KEY_ID] and distribute the revocation certificate
  • Remove the compromised key from the Blackbox keyring using blackbox_removeadmin [KEY_ID]
  • Generate a new GPG key pair with gpg --full-generate-key
  • Add the new key to the Blackbox keyring with blackbox_addadmin [NEW_KEY_ID]
  • Re-encrypt all sensitive files with the updated keyring using blackbox_update_all_files
  • Update the key on any systems where it was used
  • Rotate any secrets that were encrypted with the compromised key