We were discussing a similar problem yesterday with a friend, and we depicted a possible solution that involves asymmetric encryption.

being able to share distinct groups of passwords with distinct bunches of people without telling them the same password(s), and with the possibility to add and remove people that have access to the group(s).

The problems of symmetric encryption are notorious: you must share the same password over a secure channel with all the people, who can then tell the password to someone else, which forces you to change the password and share it again with everybody. Plus, if you have access to a lot of different groups of passwords, you must manage a lot of different passwords.

All of that is solved by asymmetric encryption. You just need to select the people (of whom you already have the public key) with whom you want to share a group. A random password is then generated to symmetrically encrypt the export, and that random password is encrypted with each public key, so all the recipients can decrypt it with their private key. If you want to add somebody, you just need to encrypt the random key again with their public key. If you want to remove somebody, you just need to generate a new random password and encrypt it only with the public keys of the remaining people.

GPG and PGP have done this for ages, and my friend and I were discussing creating a script to encrypt/decrypt the exported kdbx.share with the public keys of the recipients. But given that KeeShare already has some public/private key management (currently only used for signing), it could be extended to also be used for encryption.

The process would be quite simple: all the users generate their keys (which are standard ssh-rsa) inside KeePass, which is already possible. Then they export only their public keys to the folder where they will also share the exported kdbx.share(s). When the first user creates a share, he chooses the path of the KeeShare export, and the program loads the list of the public keys it finds in the folder.
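The scheme the post describes (one random content key, wrapped once per recipient public key, with add and remove) as an added Ruby example; it is not code from the post or from KeeShare. AES-256-GCM and RSA-OAEP are choices made here, and the user names, function names and hash layout are hypothetical.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Encrypt the export under a fresh random AES-256-GCM key and wrap that key once
# per recipient public key. Removing someone = seal again without their key.
def seal(data, recipients)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  key = cipher.random_key
  iv = cipher.random_iv
  cipher.auth_data = ''
  body = cipher.update(data) + cipher.final
  { iv: iv, tag: cipher.auth_tag, body: body,
    wrapped: recipients.transform_values { |pub| pub.public_encrypt(key, OAEP) } }
end

# Recover the content key with one recipient's private key.
def unwrap(share, name, priv)
  blob = share[:wrapped].fetch(name) { raise ArgumentError, "#{name} is not a recipient" }
  priv.private_decrypt(blob, OAEP)
end

# Decrypt the export; GCM raises OpenSSL::Cipher::CipherError if it was altered.
def open_share(share, name, priv)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = unwrap(share, name, priv)
  cipher.iv = share[:iv]
  cipher.auth_tag = share[:tag]
  cipher.auth_data = ''
  cipher.update(share[:body]) + cipher.final
end

# Adding someone wraps the existing key again; the ciphertext is not re-encrypted.
def add_recipient(share, member, member_priv, new_name, new_pub)
  key = unwrap(share, member, member_priv)
  share.merge(wrapped: share[:wrapped].merge(new_name => new_pub.public_encrypt(key, OAEP)))
end

# Constructed demo: throwaway keys for three hypothetical users.
KEYS = %w[alice bob carol].to_h { |n| [n, OpenSSL::PKey::RSA.new(2048)] }
PUBS = KEYS.transform_values(&:public_key)
share = seal('constructed kdbx.share bytes', PUBS.slice('alice', 'bob'))
share = add_recipient(share, 'alice', KEYS['alice'], 'carol', PUBS['carol'])
puts open_share(share, 'carol', KEYS['carol'])
resealed = seal('constructed kdbx.share bytes', PUBS.slice('alice', 'carol'))
puts resealed[:wrapped].keys.inspect # bob has no wrapped key in the new export
```

Re-sealing only protects exports written after the removal: a removed recipient keeps whatever they already decrypted, so the passwords in that group still need to be changed.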