github.com/StackExchange/blackbox/v2@v2.0.1-0.20220331193400-d84e904973ab/docs/expired-keys.md

Replacing expired keys
======================

If someone's key has already expired, blackbox will stop
encrypting. You will see this error:

```
$ blackbox_edit_end modified_file.txt
--> Error: can't re-encrypt because a key has expired.
```

FYI: Your repo may use `keyrings/live` instead of `.blackbox`. See "Where is the configuration stored?"

You can also detect keys that are about to expire by issuing this command and manually reviewing the "expires:" dates:

    gpg --homedir=.blackbox --list-keys

Or list UIDs that will expire within 1 month from today (Warning: this also lists keys without an expiration date):

    gpg --homedir=.blackbox --list-keys --with-colons --fixed-list-mode | grep ^uid | awk -F: '$6 < '$(( $(date +%s) + 2592000))
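
A stricter version of the check above, as an added example (not part of the blackbox docs): in GnuPG's colon listing the expiration timestamp is field 7 of the `pub` and `sub` records and is empty when the key never expires, so keys without an expiration date can be skipped. The names `expiring_keys` and `sample_listing`, the sample records and the fixed "now" value are constructed for illustration; timestamps are assumed to be epoch seconds.

```sh
#!/bin/sh
# Added example: report keys and subkeys that are expired or expire soon.
# Usage: expiring_keys NOW_EPOCH DAYS < colon-format listing
# Real use (flags as on this page):
#   gpg --homedir=.blackbox --list-keys --with-colons --fixed-list-mode \
#       | expiring_keys "$(date +%s)" 30
expiring_keys() {
    awk -F: -v now="$1" -v days="$2" '
        # expiry is field 7 (epoch seconds, assumed); empty means "never expires"
        function report(type, id, expiry,   state) {
            if (expiry == "") return
            if (expiry + 0 < now + 0)                  state = "EXPIRED"
            else if (expiry + 0 < now + days * 86400)  state = "EXPIRING"
            else return
            print state, type, id, uid
        }
        # pub precedes its uid records, so hold it until the first uid is seen
        $1 == "pub" { pubid = $5; pubexp = $7; uid = ""; next }
        $1 == "uid" && uid == "" { uid = $10; report("pub", pubid, pubexp); next }
        $1 == "sub" { report("sub", $5, $7) }
    '
}

# Constructed sample listing (not real keys): Alice expires soon, Bob never
# expires, Carol has already expired, Dave expires far in the future.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAA1:1600000000:1701000000::u:::scESC:
uid:u::::1600000000::::Alice Example <alice@example.com>:
sub:u:4096:1:AAAAAAAAAAAAAAA2:1600000000:1701000000:::::e:
pub:u:4096:1:BBBBBBBBBBBBBBB1:1600000000:::u:::scESC:
uid:u::::1600000000::::Bob Example <bob@example.com>:
sub:u:4096:1:BBBBBBBBBBBBBBB2:1600000000::::::e:
pub:e:4096:1:CCCCCCCCCCCCCCC1:1500000000:1690000000::u:::sc:
uid:e::::1500000000::::Carol Example <carol@example.com>:
pub:u:4096:1:DDDDDDDDDDDDDDD1:1600000000:1800000000::u:::scESC:
uid:u::::1600000000::::Dave Example <dave@example.com>:
EOF
}

# Fixed "now" (constructed) so the sample output is reproducible.
sample_listing | expiring_keys 1700000000 30
```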

Here's how to replace the key:

- Step 1. Administrator removes expired user:

Warning: This process will erase any unencrypted files that you were in the process of editing. Copy them elsewhere and restore the changes when done.

```
blackbox_removeadmin expired_user@example.com
# This next command overwrites any changed unencrypted files. See warning above.
blackbox_update_all_files
git commit -m "Re-encrypt all files"
gpg --homedir=.blackbox --delete-key expired_user@example.com
git commit -m 'Cleaned expired_user@example.com from keyring'  .blackbox/*
git push
```

- Step 2. Expired user adds an updated key:

```
git pull
blackbox_addadmin updated_user@example.com
git commit -m 'NEW ADMIN: updated_user@example.com' .blackbox/pubring.gpg .blackbox/trustdb.gpg .blackbox/blackbox-admins.txt
git push
```

- Step 3. Administrator re-encrypts all files with the updated key of the expired user:

```
git pull
gpg --import .blackbox/pubring.gpg
blackbox_update_all_files
git commit -m "Re-encrypt all files"
git push
```

- Step 4. Clean up:

Any files that were temporarily copied in the first step so as to not be overwritten can now be copied back and re-encrypted with the `blackbox_edit_end` command.

(Thanks to @chishaku for finding a solution to this problem!)