[pmwiki-users] Flat files crypt/decrypt

Patrick R. Michaud pmichaud at pobox.com
Wed Oct 24 14:33:14 CDT 2007


On Wed, Oct 24, 2007 at 11:46:17AM -0700, Martin Fick wrote:
> --- "Patrick R. Michaud" <pmichaud at pobox.com> wrote:
> > On Thu, Oct 25, 2007 at 12:38:00AM +0900, Paul John
> >
> > The tricky part to the whole process is figuring out
> > where to store the encryption key ...the key has to 
> > be stored in cleartext somewhere, so anyone who is 
> > able to gain the encryption key (e.g.,
> > by looking at the configuration file containing the
> > key) will also be able to decrypt the files.
> 
> I think that key management could be done by
> separating the keys used to encrypt each page and the
> passwords used to access the keys.  Each page would
> get a randomly generated key, a "page-key", and be
> encrypted with that key.  The page-key would then be
> stored in the page-key management infrastructure which
> could have various implementations.  This page-key
> would not ever need to be changed, even when passwords
> change.
> [...]
> So, for each combination of password that can
> be used to log into the site a separate key file would
> exist.  This key file would contain all the page-keys
> to all the pages that this particular password can
> access.

This approach still suffers from the problem that if
the key files are lost or corrupted (or the passwords
needed to decrypt the key files), then all of the page
data is truly lost.

Also, I'm not quite sure how one would deal with admin
passwords -- it would seem that the key file corresponding
to an admin password would need to contain the page keys
for every page on the system.  If an admin then wanted to
change the admin password, a completely new key file would 
need to be generated that would contain all of the page keys, yes?
Where would we get that list from?

> [...]
> Finally, the private key for a key file could be
> encrypted in the key file with a password allowing the
> private key to be something obtuse generated along
> with the public key, but the password can be something
> simpler for users to remember/type.  

Who are the "users" in this last sentence -- do you mean
"visitors to a site" or the "site administrator"?

Here's a scenario:  let's suppose that I'm an author (not admin)
that wants to set a new edit password on a page.  Where does the
system go to get the (existing) page key for the page, so that
it can create the key file?

(Regardless, the above scenario sounds _far_ more complex
than anything I want to implement anytime soon, so I highly
recommend that a cookbook recipe be made for it if someone
is truly interested.)

Pm



More information about the pmwiki-users mailing list