Comments (6)
A secret bundle can be encrypted with multiple keys at rest. That is, a bundle will be encrypted with the key of every node that bundle it shared with. We also need to look at how send the encrypted bundle in transit. Look into how git implements transmission of repos. Look and at TLS encryption which is used more often for data in transit.
from polykey.
There also needs to be a sort of a handshake when pulling a bundle, the puller needs to prove to owner of the bundle that it has a private key that is able to decrypt the bundle, so it can send a signed message.
from polykey.
from #13
Imagine two key nodes A and B have synced a particular vault. Now A wants to update/add secrets and does not those secrets to be shared. Since the vault key for this vault is still the same, if B manages to somehow get the encrypted, updated version of the vault it will be able to decrypt it. We need to avoid this issue.This can be done by never sharing the vault key. There is no need. A vault key should only be used to for encryption of secrets at rest for a particular keynode and only that keynode. This means each keynode will maintain its own private vault key (still symmetric) for each vault.But how will a keynode be able to decrypt the vault on synchronisation? It won't. We are using git for transmission occurring the upper dir, which is sandboxed and secure. The transmission channel iteself it secure using tls. The vault is now in the recipients upper dir, once again secure. So at no point during the transmission of the decrypted vault from upper dir to upper dir, is the security violated. Once in the upper dir, the recipient can encrypt it with it's own vault key and persist it.
--
from polykey.
A secret bundle can be encrypted with multiple keys at rest. That is, a bundle will be encrypted with the key of every node that bundle it shared with.
Just in case it wasn't clear with the previous comment, ^^ this is not the case anymore. It will only be encrypted with one key. That key is the keynode's symmetric vault key.
from polykey.
Git vault sharing was implemented in PR #43
from polykey.
Authentication is done via SSL certs and secure gRPC connection, template authorisation is done in the vault itself by storing a list of pubKeys that can access the specified vault. A better authorisation model can be implemented at a later date.
from polykey.
Related Issues (20)
- NodesListConnections handler is randomly mapping IP addresses as IPv6 mapped IPv4 HOT 2
- Use of `ctx` when for `identities` `Provider.authenticate` Interface
- Vault Sharing With GestaltIDs HOT 3
- Setup `audit` domain for tracking user/action events and metrics HOT 14
- Change CLI Demo Gif to Polykey V3 Demo HOT 11
- Setting up `diagnostics` Domain for keeping track of some operational metrics
- `audit` Domain Metrics should be rolling and calculated per AuditEvent insertion
- `NodeManager` should update active connection's `connectedTime` in the `NodeGraph` on an interval
- Complete `NodeManager` tests from decentralised nodes refactor
- replace deprecated `testProp` with `test.prop`
- Limit initial SeedNode connections when entering the network
- Intermittent test failures due to Vaults and Tasks in CI HOT 2
- Vaults clone with name of a vault already existing fails HOT 2
- `NodeConnectionManager.createConnectionMultiple` should stagger connection attempts to reduce duplicate connections HOT 3
- Incremental/Progressive Update using the Network Version of Polykey Agents HOT 4
- CI/CD Commit/Tag Flow Consolidation HOT 1
- Vaults Push Dataflow
- Audit Metric Consolidation HOT 2
- Verify IPv6 NAT Punchthrough Behaviour HOT 8
- Redesign vault clone name conflict handling HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from polykey.