[pmwiki-users] Flat files crypt/decrypt

Martin Fick mogulguy at yahoo.com
Wed Oct 24 13:46:17 CDT 2007


--- "Patrick R. Michaud" <pmichaud at pobox.com> wrote:
> On Thu, Oct 25, 2007 at 12:38:00AM +0900, Paul John
>
> The tricky part to the whole process is figuring out
> where to store the encryption key ...the key has to 
> be stored in cleartext somewhere, so anyone who is 
> able to gain the encryption key (e.g.,
> by looking at the configuration file containing the
> key) will also be able to decrypt the files.
> 
> There has also been some discussion about this at
> http://www.pmwiki.org/wiki/PITS/00545 .

I have added the following suggestion to that page:

I think that key management could be done by
separating the keys used to encrypt each page and the
passwords used to access the keys.  Each page would
get a randomly generated key, a "page-key", and be
encrypted with that key.  The page-key would then be
stored in the page-key management infrastructure which
could have various implementations.  This page-key
would not ever need to be changed, even when passwords
change.

One form of page-key management could be implemented
with a directory called "page-keys".  In this
directory there would be various key files which would
be bound to a specific password for a user or group
(role) depending on the authentication method being
used.  So, for each combination of password that can
be used to log into the site a separate key file would
exist.  This key file would contain all the page-keys
to all the pages that this particular password can
access.

The page-keys in a key file would be encrypted with a
public key for this file.  This public key would be
stored unencrypted at the beginning of the key file
allowing anyone to add page-keys to this file without
necessarily being able to decrypt the file contents. 
The use of PKI here is important to ensure that any
user creating a page does not have to know the
passwords of all the other users/groups allowed to
access this page.

Finally, the private key for a key file could be
encrypted in the key file with a password allowing the
private key to be something obtuse generated along
with the public key, but the password can be something
simpler for users to remember/type.  This makes it
very easy to change a password, simply re-encrypt the
private key for one key file and voila, done.  No need
to re-encrypt any other pages, files or keys!

A scheme like this would even allow for a (or several)
site wide admin passwords which could be used for
recovery.


-Martin


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



More information about the pmwiki-users mailing list