[pmwiki-users] Flat files crypt/decrypt
Martin Fick
mogulguy at yahoo.com
Wed Oct 24 13:46:17 CDT 2007
--- "Patrick R. Michaud" <pmichaud at pobox.com> wrote:
> On Thu, Oct 25, 2007 at 12:38:00AM +0900, Paul John
>
> The tricky part to the whole process is figuring out
> where to store the encryption key ...the key has to
> be stored in cleartext somewhere, so anyone who is
> able to gain the encryption key (e.g.,
> by looking at the configuration file containing the
> key) will also be able to decrypt the files.
>
> There has also been some discussion about this at
> http://www.pmwiki.org/wiki/PITS/00545 .

I have added the following suggestion to that page:

I think that key management could be done by
separating the keys used to encrypt each page and the
passwords used to access the keys. Each page would
get a randomly generated key, a "page-key", and be
encrypted with that key. The page-key would then be
stored in the page-key management infrastructure which
could have various implementations. This page-key
would not ever need to be changed, even when passwords
change.

One form of page-key management could be implemented
with a directory called "page-keys". In this
directory there would be various key files which would
be bound to a specific password for a user or group
(role) depending on the authentication method being
used. So, for each combination of password that can
be used to log into the site a separate key file would
exist. This key file would contain all the page-keys
to all the pages that this particular password can
access.

The page-keys in a key file would be encrypted with a
public key for this file. This public key would be
stored unencrypted at the beginning of the key file
allowing anyone to add page-keys to this file without
necessarily being able to decrypt the file contents.
The use of PKI here is important to ensure that any
user creating a page does not have to know the
passwords of all the other users/groups allowed to
access this page.

Finally, the private key for a key file could be
encrypted in the key file with a password allowing the
private key to be something obtuse generated along
with the public key, but the password can be something
simpler for users to remember/type. This makes it
very easy to change a password, simply re-encrypt the
private key for one key file and voila, done. No need
to re-encrypt any other pages, files or keys!

A scheme like this would even allow for a (or several)
site wide admin passwords which could be used for
recovery.

-Martin
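
The scheme proposed in the message above, sketched in PHP as an added example (not code from the post or from PmWiki). The function names, the in-memory array standing in for an on-disk key file, and the choice of RSA-OAEP with AES-256-GCM are assumptions; the post does not name algorithms.

```php
<?php
// Added sketch; every name here is hypothetical. Requires PHP 7.1+ with ext-openssl.
const WRAP = ['encrypt_key_cipher' => OPENSSL_CIPHER_AES_256_CBC];
// One key file per password: public key in the clear, private key wrapped by the password.
function new_key_file(string $password): array {
    $pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    openssl_pkey_export($pair, $wrapped, $password, WRAP);
    return ['public' => openssl_pkey_get_details($pair)['key'], 'private' => $wrapped, 'page_keys' => []];
}
// Granting access needs only the public key, never the other users' passwords.
function add_page_key(array &$kf, string $page, string $pageKey): void {
    if (!openssl_public_encrypt($pageKey, $sealed, $kf['public'], OPENSSL_PKCS1_OAEP_PADDING))
        throw new RuntimeException('sealing page-key failed');
    $kf['page_keys'][$page] = $sealed;
}
// Reading a page-key needs the password that unwraps the private key.
function get_page_key(array $kf, string $page, string $password): string {
    $priv = openssl_pkey_get_private($kf['private'], $password);
    if ($priv === false
        || !openssl_private_decrypt($kf['page_keys'][$page], $pageKey, $priv, OPENSSL_PKCS1_OAEP_PADDING))
        throw new RuntimeException('wrong password or corrupt key file');
    return $pageKey;
}
// Password change: re-wrap the private key only; page-keys and pages are untouched.
function change_password(array &$kf, string $old, string $new): void {
    $priv = openssl_pkey_get_private($kf['private'], $old);
    if ($priv === false) throw new RuntimeException('wrong password');
    openssl_pkey_export($priv, $kf['private'], $new, WRAP);
}
// Page body is encrypted once with its random page-key; stored as iv || tag || ciphertext.
function encrypt_page(string $text, string $pageKey): string {
    $iv = random_bytes(12);
    $ct = openssl_encrypt($text, 'aes-256-gcm', $pageKey, OPENSSL_RAW_DATA, $iv, $tag);
    return $iv . $tag . $ct;
}
function decrypt_page(string $blob, string $pageKey): string {
    $pt = openssl_decrypt(substr($blob, 28), 'aes-256-gcm', $pageKey, OPENSSL_RAW_DATA,
                          substr($blob, 0, 12), substr($blob, 12, 16));
    if ($pt === false) throw new RuntimeException('page failed authentication');
    return $pt;
}
// Constructed demo: one page, an "editors" key file and an admin recovery key file.
$pageKey = random_bytes(32);
$blob    = encrypt_page('secret wiki text', $pageKey);
$editors = new_key_file('editors-pass');
$admin   = new_key_file('admin-recovery-pass');
add_page_key($editors, 'Main.Secret', $pageKey);
add_page_key($admin, 'Main.Secret', $pageKey);
change_password($editors, 'editors-pass', 'new-pass');   // $blob is not re-encrypted
echo decrypt_page($blob, get_page_key($editors, 'Main.Secret', 'new-pass')), "\n";
echo decrypt_page($blob, get_page_key($admin, 'Main.Secret', 'admin-recovery-pass')), "\n";
```

Because the private key is protected only by the password, each key file is as strong as the password that wraps it, and revoking a password's access to a page means re-encrypting that page under a new page-key.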