Bob Mottram 8 years ago
parent
commit
d128a5f762
1 changed files with 12 additions and 2 deletions
  1. 12
    2
      src/freedombone-pass

+ 12
- 2
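--- a/src/freedombone-pass
+++ b/src/freedombone-pass
@@ -8,8 +8,16 @@
 #
 #                    Freedom in the Cloud
 #
-# Simple multi-user password store using symmetric encryption
-# and the backup gpg key
+# It's useful to be able to store user passwords, but not a good
+# idea to do that in plain text. This implements a simple password
+# store. It gpg symmetric encrypts passwords using the backups
+# private key as the passphrase.
+#
+# In order for an adversary to obtain the passwords they must have
+# the backups GPG key, which is not obtainable from local or remote
+# backups and can only happen if they get root access to the system
+# (in which case it's game over anyhow) or if they can decrypt
+# a master keydrive or obtain sufficient keydrive fragments.
 #
 # License
 # =======
@@ -103,6 +111,8 @@
 done
 
 get_backup_key_id
+
+# Use the backups private key as a symmetric passphrase
 MASTER_PASSWORD=$(gpg -q --armor --export-secret-key $MY_BACKUP_KEY_ID)
 
 if [ ! $CURR_USERNAME ]; then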
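Review bot: The new comment at line 115 documents that the exported backups private key becomes the symmetric passphrase, but the line it describes never checks that the export produced anything: `$MY_BACKUP_KEY_ID` is unquoted and gpg's exit status is ignored. If `get_backup_key_id` leaves the variable empty, gpg is called without a key argument and would export whatever secret keys are in the keyring, and if the export fails `MASTER_PASSWORD` is empty, so entries would be encrypted under a passphrase other than the one the header comment promises. I would quote the key id, `MASTER_PASSWORD=$(gpg -q --armor --export-secret-key "$MY_BACKUP_KEY_ID")`, and stop when the result is empty, `if [ ! "$MASTER_PASSWORD" ]; then exit 1; fi`. The scheme also depends on that export being byte-identical on every run and on the value not being handed to gpg on a command line where other local users could read it; the rest of the script is outside this hunk, so both are worth confirming and stating in the header comment.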