Blackbox GPG Key
Service Name: GNU Privacy Guard (GPG)
Service Description: GNU Privacy Guard (GPG) is a free implementation of the OpenPGP standard that allows users to encrypt and sign data and communications. Blackbox is a tool that uses GPG to encrypt secrets that can be stored in version control.
Service Address: https://gnupg.org/ (for GPG) and https://github.com/StackExchange/blackbox (for Blackbox)
Validation Type: NHI Enriched
IP Allow list: Does not exist
Secret Access Scope: Grants ability to decrypt files encrypted with the corresponding public key. In the context of Blackbox, it allows access to sensitive files stored in version control systems.
Secret Revokement URL: https://www.gnupg.org/gph/en/manual/c14.html
Secret Example:
Suspicious Activity Investigation Instructions:
- Check version control history to see who has accessed or modified encrypted files
- Review system logs for unauthorized GPG key usage.
- Examine commit history to identify any unauthorized changes to
.blackboxconfiguration files. - Check for unexpected decryption of sensitive files
- Monitor for unauthorized additions of new GPG keys to the keyring
Mitigation Instructions:
- Revoke the compromised GPG key using gpg --gen-revoke [KEY_ID] and distribute the revocation certificate
- Remove the compromised key from the Blackbox keyring using blackbox_removeadmin [KEY_ID]
- Generate a new GPG key pair with gpg --full-generate-key
- Add the new key to the Blackbox keyring with blackbox_addadmin [NEW_KEY_ID]
- Re-encrypt all sensitive files with the updated keyring using blackbox_update_all_files
- Update the key on any systems where it was used
- Rotate any secrets that were encrypted with the compromised key