
Mailing List Archive: GnuPG: users

[OT] Multi-user hierarchical password management via pki

 

 



sveniu at ifi

Jul 27, 2012, 4:46 AM

Post #1 of 4
[OT] Multi-user hierarchical password management via pki

Is there such a thing as a multi-user, hierarchical, arbiter-less, pki-based password manager? I'm thinking specifically for use in a system administration context where you have multiple sub groups and cross-group roles that have access to different sets of passwords.

* Users share one database, and can only view passwords that they are authorized to access. Authorization is either per-user or per-group.

* Users and groups can be defined either statically, or perhaps dynamically looked up through external means like ldap, pam, etc.

* Passwords are organized in a tree/folder structure, and each node (including leaves, i.e. passwords) is associated with one or more users or groups. Optionally, a user with access to a node would have recursive access to all child nodes.

* There is no all-knowing arbiter that can read and write any entry in the database. Not having an arbiter will complicate things quite a bit.

* PKI is used so that a new password entry is associated with a list of users or groups, and is then encrypted with the target users' pubkeys. A pubkey lookup mechanism is needed.

* Preferably have a distributed system, managed by distributed revision control. This precludes using filesystem semantics like permissions, acls, etc, and would instead require the use of a metadata index of sorts.

* Preferably make the system usable without having to rely on a frontend: Running 'gpg -d *' would decrypt files encrypted with your pubkey.

As far as I can tell, there exists no such thing -- possibly for very good reasons; see below. I've been thinking of how to implement this sort of system, like so:

* Use one file per password, with a simple structure like:
<path> <access> [<name> <username> <password> <comment>], where
<path>: directory-style path to the entry, e.g. '/dns/resolver/res1'
<access>: user(s)/group(s) with access to the entry. This might have to include lookup details, such as ldap url or similar.
<name>: name of entry, e.g. 'root account'

Name, username, password and comment are optional, to facilitate the creation of password-less branching nodes in the tree, solely for indicating user/group access (which then apply recursively).

* Files have inconspicuous names, for example created by hashing the file contents, random characters, or a serial number. Possibly add random decoy files to discourage traffic analysis. Possibly gather all files in one tar or zip archive, which is again encrypted with everyone's pubkeys. Size is not a concern.

* Creating a new entry would require inputting the user(s)/group(s) that should have access. This, together with the lookup/fetching of target user keys, is somewhat tricky.

* Using something like Git would make revision control easy. On the other hand, it would make it possible for revoked users to regain information by fetching old revisions. This might preclude revision control altogether.

* Revoking access for users that either leave or switch groups would mean having to re-encrypt all entries where the user had access (and remove entries where the user had sole access). Without an all-knowing arbiter, this could also easily be a showstopper.

* Having a simple curses-based interface would allow easy navigation of the tree, displaying only the entries that the user can access. A web interface would not work out, due to the use of pki. A standalone gui application could work, for the command line challenged.

Any thoughts on this, especially the showstoppers?

S.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


hka at qbs

Jul 27, 2012, 5:44 AM

Post #2 of 4
Re: [OT] Multi-user hierarchical password management via pki [In reply to]

On Friday 27 of July 2012 13:46:02 Sven Ulland wrote:
> Is there such a thing as a multi-user, hierarchical, arbiter-less, pki-based password manager? I'm thinking specifically for use in a system administration context where you have multiple sub groups and cross-group roles that have access to different sets of passwords.

I know about no such FLOSS system.

passpack.com is good at sharing passwords, but it is very rudimentary in comparison to your requirements.

I know that Hitachi makes "Identity Manager" that claims similar functionality to what you want, but I've not seen it, let alone used it.

Regards,
--
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl



hka at qbs

Jul 27, 2012, 5:50 AM

Post #3 of 4
Re: [OT] Multi-user hierarchical password management via pki [In reply to]

On Friday 27 of July 2012 13:46:02 Sven Ulland wrote:
> * Revoking access for users that either leave or switch groups would mean having to re-encrypt all entries where the user had access (and remove entries where the user had sole access). Without an all-knowing arbiter, this could also easily be a showstopper.

If you have PKI it's easy.

All people that have access to an entry have this entry's symmetric key encrypted using their public key.

To change the symmetric key, you decrypt, select a new key, and encrypt the key with the public keys of all people that had access to the entry in the first place. It is no different than changing the data inside the entry...

It requires the use of cryptographic primitives, not simple wrappers around gpg, but it's completely doable.

Regards,
--
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl
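The wrap-per-reader scheme Hubert describes, combined with Sven's one-file-per-entry layout (a tree path plus the list of users allowed to read it), as an added example that is not code from this thread or from any project mentioned in it. The user names, entry path and payload are constructed, and the choice of RSA-OAEP and AES-256-GCM from the Go standard library is mine; the posts talk about gpg and do not specify primitives.

```go
// Added example (not code from this thread or from any project it names): one
// password entry under a per-entry data key (DEK) that is wrapped separately for
// each authorized user's public key; revocation is decrypt, fresh DEK, re-encrypt,
// re-wrap for the remaining readers. Standard library only: RSA-OAEP + AES-256-GCM.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Entry is what one file of the shared repository would hold. The tree path is
// the GCM associated data and the OAEP label, so neither the ciphertext nor a
// wrapped key can be silently moved to another node of the tree.
type Entry struct {
	Path       string            // e.g. "/dns/resolver/res1"
	Nonce      []byte            // AES-GCM nonce, fresh for every rekey
	Ciphertext []byte            // AES-GCM(DEK, payload, aad=Path)
	WrappedDEK map[string][]byte // user -> RSA-OAEP(pub_user, DEK, label=Path)
}

func gcmFor(dek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// rekey picks a fresh DEK, encrypts payload under it and wraps the DEK for
// exactly the given readers, discarding every previously wrapped copy.
func (e *Entry) rekey(payload []byte, readers map[string]*rsa.PublicKey) error {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return err
	}
	dek, nonce := buf[:32], buf[32:]
	gcm, err := gcmFor(dek)
	if err != nil {
		return err
	}
	e.Nonce = nonce
	e.Ciphertext = gcm.Seal(nil, nonce, payload, []byte(e.Path))
	e.WrappedDEK = make(map[string][]byte, len(readers))
	for name, pub := range readers {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, []byte(e.Path))
		if err != nil {
			return err
		}
		e.WrappedDEK[name] = w
	}
	return nil
}

// NewEntry creates an entry readable by exactly the given users.
func NewEntry(path string, payload []byte, readers map[string]*rsa.PublicKey) (*Entry, error) {
	e := &Entry{Path: path}
	return e, e.rekey(payload, readers)
}

// Open unwraps the DEK with the user's private key, then decrypts the payload.
// A user without a wrapped copy fails at the first step; no other check is needed.
func (e *Entry) Open(user string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := e.WrappedDEK[user]
	if !ok {
		return nil, fmt.Errorf("no wrapped key for %q", user)
	}
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, []byte(e.Path))
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(dek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, []byte(e.Path))
}

// Revoke is run by any still-authorized user (actor), with no arbiter involved:
// open with the old DEK, then rekey for everyone except the revoked user.
func (e *Entry) Revoke(actor string, actorPriv *rsa.PrivateKey, revoked string, readers map[string]*rsa.PublicKey) error {
	if actor == revoked {
		return fmt.Errorf("%q cannot revoke itself", actor)
	}
	payload, err := e.Open(actor, actorPriv)
	if err != nil {
		return err
	}
	remaining := make(map[string]*rsa.PublicKey, len(readers))
	for name, pub := range readers {
		if name != revoked {
			remaining[name] = pub
		}
	}
	return e.rekey(payload, remaining)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed user
	e, _ := NewEntry("/dns/resolver/res1", []byte("hunter2"), map[string]*rsa.PublicKey{"alice": &alice.PublicKey})
	p, err := e.Open("alice", alice)
	fmt.Println(string(p), err)
}
```

Revoke deliberately needs a still-authorized user's private key, which is the arbiter-less property Sven asked for; the cost is that revoking a user with access to many entries touches every one of them. Rekeying also does nothing about old revisions: a revoked user who kept a copy of the repository history can still unwrap the previous DEK with their own key, so revoking access and rotating the stored passwords themselves belong together, as Sven's Git concern already implies.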


dkg at fifthhorseman

Jul 28, 2012, 7:53 AM

Post #4 of 4
Re: [OT] Multi-user hierarchical password management via pki [In reply to]

On 07/27/2012 07:46 AM, Sven Ulland wrote:
> Is there such a thing as a multi-user, hierarchical, arbiter-less, pki-based password manager? I'm thinking specifically for use in a system administration context where you have multiple sub groups and cross-group roles that have access to different sets of passwords.

I don't think this precisely meets all of your specs, but it comes
remarkably close:

https://keyringer.sarava.org/

you can get the source here:

git://git.sarava.org/keyringer

I've cc'ed the lead author (Silvio Rhatto) here, in case he wants to
follow up.

hth,

--dkg
