psunix edited this page Mar 3, 2020 · 11 revisions

| Name | Description |
| --- | --- |
| private_key encrypted | Private RSA key encrypted with user's password |
| private_key | Unencrypted private RSA key to decrypt team passwords |
| public_key | Public RSA key to encrypt team passwords |
| Clear-text team-password | Password from team as clear-text |
| Encrypted team-password | Team-password encrypted with public RSA key |
| Clear-text account data | Account data (password, username, attachment) as clear-text |
| Encrypted account data | Account data (password, username, attachment) encrypted with team-password |
| Clear-text user-password | Password from user as clear-text |
| Encrypted user-password | User-password encrypted with public RSA key |
| User Bob | An example user named Bob |
| User Alice | An example user named Alice |

Create new User

Create New User work-flow

  1. A new RSA key pair is generated
  2. RSA private key is encrypted with user's password
  3. RSA key pair saved as User attributes

User Bob creates new Team

Create New Team work-flow

  1. Random team-password is created
  2. Team-password is encrypted with Bob's public key
  3. Encrypted password saved as Teammember attribute
  4. If the team is private, admins will not have access to this Team

No passwords are stored in the Team model itself

User Bob adds Alice to Team

Add user to team work-flow

  1. Encrypted password is decrypted with Bob's private key
  2. Team-password is encrypted with Alice's public key
  3. Encrypted password saved in new Teammember as attribute

User Bob creates account

Create acc work-flow

  1. Encrypted team-password is decrypted with Bob's private key
  2. Account-data is encrypted with plain-text team-password
  3. Encrypted account-data saved as Account attributes

User Bob reads account data

Read acc pw as user work-flow

  1. Encrypted team-password is decrypted with Bob's private key
  2. Encrypted account-data is decrypted with plain-text team-password

User Bob logs in

Login work-flow

  1. Decrypt encrypted private RSA key with Bob's plain-text user-password
  2. Save decrypted private RSA key in Session

The private RSA key will never be saved in plain-text except in a session!
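
The key handling from the work-flows above (create user, create team, add user, create and read account, login), as an added Ruby example that is not Cryptopus's own code. The function names, RSA-OAEP, AES-256-GCM and the use of 32 random bytes directly as the AES key are assumptions, since the page does not name algorithms or padding.

```ruby
require 'openssl'
# Assumptions, not from the page: 2048-bit RSA with OAEP padding, AES-256-GCM for
# account data, AES-256-CBC passphrase protection for the stored private key.
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Create new User: key pair generated, private key stored encrypted with the password.
def create_user(password)
  key = OpenSSL::PKey::RSA.new(2048)
  { public_key: key.public_key.to_pem,
    private_key_encrypted: key.to_pem(OpenSSL::Cipher.new('aes-256-cbc'), password) }
end

# Login: decrypt the private key with the clear-text user-password (session only).
def login(user, password)
  OpenSSL::PKey::RSA.new(user[:private_key_encrypted], password)
end

# Create team / add user: one copy per Teammember, encrypted with that member's public key.
def wrap_team_password(team_password, public_key_pem)
  OpenSSL::PKey::RSA.new(public_key_pem).public_encrypt(team_password, OAEP)
end
def unwrap_team_password(encrypted, private_key)
  private_key.private_decrypt(encrypted, OAEP)
end

# Create account: account data encrypted with the clear-text team-password.
def encrypt_account(team_password, data)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = team_password
  iv = c.random_iv
  { iv: iv, data: c.update(data) + c.final, tag: c.auth_tag }
end
def decrypt_account(team_password, blob)
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = team_password
  d.iv = blob[:iv]
  d.auth_tag = blob[:tag]
  d.update(blob[:data]) + d.final
end

def demo # constructed sample users and account data
  bob, alice = create_user('bob-password'), create_user('alice-password')
  members = { bob: wrap_team_password(OpenSSL::Random.random_bytes(32), bob[:public_key]) }
  team_pw = unwrap_team_password(members[:bob], login(bob, 'bob-password'))
  members[:alice] = wrap_team_password(team_pw, alice[:public_key])
  account = encrypt_account(team_pw, 'username=svc;password=s3cret')
  alice_pw = unwrap_team_password(members[:alice], login(alice, 'alice-password'))
  decrypt_account(alice_pw, account)
end
```

The team-password exists in clear-text only inside `demo`, mirroring the page's rule that nothing unencrypted is persisted outside the session.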

Bob provides new LDAP password

new LDAP password workflow

  1. The user Bob changes his LDAP password
  2. Bob logs in to Cryptopus with his new password
  3. A form is shown in which Bob must enter the new and the old password
  4. Does Bob remember the old password?
  5. If not, a new recrypt request will be created
  6. Else, decrypt the encrypted private key with the old password
  7. Encrypt the private key with the new password and save it in the DB

Root processes Bob's recrypt request

root process Bobs recrypt request

  1. Root logs in and applies Bob's recrypt request
  2. Process all teams with Bob's membership which are accessible by root
  3. Decrypt encrypted team-password with root's private key
  4. Team-password is encrypted with Bob's new public key

Admin processes Bob's recrypt request

root process Bobs recrypt request

  1. Admin logs in and applies Bob's recrypt request
  2. Process all teams with Bob's membership which are accessible by admin
  3. Decrypt encrypted team-password with admin's private key
  4. Team-password is encrypted with Bob's new public key