Notes

src/freedombone-pass

@@ -8,8 +8,16 @@
 #
 #                    Freedom in the Cloud
 #
-# Simple multi-user password store using symmetric encryption
-# and the backup gpg key
+# It's useful to be able to store user passwords, but not a good
+# idea to do that in plain text. This implements a simple password
+# store. It gpg symmetric encrypts passwords using the backups
+# private key as the passphrase.
+#
+# In order for an adversary to obtain the passwords they must have
+# the backups GPG key, which is not obtainable from local or remote
+# backups and can only happen if they get root access to the system
+# (in which case it's game over anyhow) or if they can decrypt
+# a master keydrive or obtain sufficient keydrive fragments.
 #
 # License
 # =======
@@ -103,6 +111,8 @@ do
 done
 
 get_backup_key_id
+
+# Use the backups private key as a symmetric passphrase
 MASTER_PASSWORD=$(gpg -q --armor --export-secret-key $MY_BACKUP_KEY_ID)
 
 if [ ! $CURR_USERNAME ]; then