|
|
|
+++
|
|
|
|
title = "ciphey"
|
|
|
|
weight = 1
|
|
|
|
[taxonomies]
|
|
|
|
tags = []
|
|
|
|
+++
|
|
|
|
|
|
|
|
Simply put, `ciphey` is a password and secret manager that is like
|
|
|
|
[`pass`](https://passwordstore.org) if it used
|
|
|
|
[`age`](https://age-encryption.org) instead of PGP. More than anything, it is
|
|
|
|
an experiment to determine how cryptography can be combined in a minimalist
|
|
|
|
manner to protect passwords in a way that accounts for the most realistic
|
|
|
|
threats to their confidentiality, reliability, usability, and resiliency. It
|
|
|
|
takes many of the database and key management ideas from
|
|
|
|
[1Password](https://1password.com) and [Bitwarden](https://bitwarden.com) and
|
|
|
|
combines them with the Unix-like philosophy of `pass`.
|
|
|
|
|
|
|
|
To be clear, `ciphey` is still in development. [The remaining work is outlined
|
|
|
|
below](#remaining-work). While I will be using it as my actual password manager,
|
|
|
|
I strongly recommend that you only experiment with it and not rely on it for any
|
|
|
|
actual passwords.
|
|
|
|
|
|
|
|
*NOTE: This page is a work in progress.*
|
|
|
|
|
|
|
|
## The Basics
|
|
|
|
|
|
|
|
My goal is for `ciphey` to be simple enough that someone with a bit of knowledge
|
|
|
|
about cryptography who wants to understand how their passwords are protected can
|
|
|
|
do so after a short explanation. This sections aims to be that explanation.
|
|
|
|
|
|
|
|
### Entries
|
|
|
|
|
|
|
|
Everything you store in `ciphey` goes into an entry. Generally, you'll have one
|
|
|
|
`entry` per password. However, passwords come in many different forms: as a
|
|
|
|
result, entries are plaintext, which means any file can be used as an entry.
|
|
|
|
|
|
|
|
This doesn't mean there is no structure to entries. For example, take a look at
|
|
|
|
the entry for a hypothetical [`xkcd.com`](https://xkcd.com) account below:
|
|
|
|
|
|
|
|
```
|
|
|
|
correct horse battery staple
|
|
|
|
name: xkcd.com
|
|
|
|
tag: comics
|
|
|
|
username: Tr0ub4dor&3
|
|
|
|
url: https://xkcd.com/936
|
|
|
|
|
|
|
|
To anyone who understands information theory and security and is in an
|
|
|
|
infuriating argument with someone who does not (possibly involving mixed case),
|
|
|
|
I sincerely apologize.
|
|
|
|
```
|
|
|
|
|
|
|
|
The first line of every entry is interpreted as the entry's "secret." In this
|
|
|
|
case, the secret is `correct horse battery staple`, the password for the
|
|
|
|
account. This is usually a password or private key, but can be any value that
|
|
|
|
you might want to access by default. If this doesn't work for you for some
|
|
|
|
reason, no worries; just leave the line blank.
|
|
|
|
|
|
|
|
The secret is followed by any number of optional field-value pairs. Every
|
|
|
|
field-value pair lives on its own line and can contain any information you want,
|
|
|
|
so long as it follows the format `FIELD: VALUE`. Fields can be repeated and in
|
|
|
|
any order. The only limitation is that your `FIELD` cannot contain a `: ` (`:`
|
|
|
|
followed by a space), but the `VALUE` can.
|
|
|
|
|
|
|
|
There are no `FIELD`s with any special meaning (yet), but keeping them
|
|
|
|
consistent will help you find entries more quickly. I strongly recommend giving
|
|
|
|
each entry a `name` field, as this is what `ciphey` uses to search for entries
|
|
|
|
by default.
|
|
|
|
|
|
|
|
Finally, the contents of the file from the first line that doesn't match the
|
|
|
|
pattern `FIELD: VALUE` down to the end of the file is left uninterpreted,
|
|
|
|
meaning that you can save any text that you'd like there. This is called the
|
|
|
|
"note." In the example above, the "note" is the caption text from
|
|
|
|
[xkcd.com/936](https://xkcd.com/936). Separate the notes and the preceding
|
|
|
|
section with a newline.
|
|
|
|
|
|
|
|
### The Entries
|
|
|
|
|
|
|
|
Your `ciphey` database is a folder of files that can live on any filesystem.
|
|
|
|
This folder is completely encrypted, and thus can safely be backed up, shared,
|
|
|
|
or otherwise accessed without any unauthorized party gaining access to the
|
|
|
|
contents of the file.
|
|
|
|
|
|
|
|
```
|
|
|
|
ciphey/
|
|
|
|
└── entries/
|
|
|
|
├── age1sdnql3ksstj7krh7azddygh860f6uttus5t3e9j52t4k5z34kutqyzgr4e.age
|
|
|
|
├── age1ryutmsg486w4y06kq7w0rqm2s08r3sgzlwcl9p9p00jducedevvqkgrvyw.age
|
|
|
|
├── age1mqr5htmadgzlmcdjks79d6ucfe5k46ruavnaxm08m64lpl6h5udqhkwwvp.age
|
|
|
|
└── age1r908d20yj3ntp9q8g0448kwflfgf3au2qmhkkx7zp8xnesfdjfhqpd3r2d.age
|
|
|
|
```
|
|
|
|
|
|
|
|
Each file in the "entries" folder contains a single "entry." The name of each
|
|
|
|
file is the `age` public key the entry is encrypted to. Every entry into your
|
|
|
|
database is encrypted to a unique public key. Without that public key's
|
|
|
|
corresponding private key, the contents of the entry cannot be accessed.
|
|
|
|
|
|
|
|
However, keep in mind that some metadata does leak. Namely, any data associated
|
|
|
|
with the filesystem (date created, date last modified, owner/group, etc.) is NOT
|
|
|
|
protected by `ciphey` by default. It's still a good idea to keep your database
|
|
|
|
away from any curious eyes when it's avoidable.
|
|
|
|
|
|
|
|
### Your Keys
|
|
|
|
|
|
|
|
Every time you unlock your `ciphey` database, you must have two things:
|
|
|
|
|
|
|
|
1. Your `Primary Passphrase` (something you know)
|
|
|
|
2. A `Device Key` (something you have)
|
|
|
|
|
|
|
|
Every "device" you have (i.e. your desktop, laptop, and phone) has its own
|
|
|
|
`Device Key`. This key is generated and stored as a normal file when you first
|
|
|
|
set up `ciphey` on the device, and never leaves it.
|
|
|
|
|
|
|
|
Each `Device Key` is encrypted with your `Primary Passphrase`. Without your
|
|
|
|
`Primary Passphrase`, the `Device Key` cannot be used.
|
|
|
|
|
|
|
|
Alternatively, you can use a `Device Key` stored on a hardware token, such as a
|
|
|
|
Yubikey or OnlyKey. This has the added benefit that the key material never
|
|
|
|
leaves the hardware token, protecting against attacks that can steal key
|
|
|
|
material from your computer's local disk. In order to decrypt your entries, an
|
|
|
|
attacker would have to physically have access your hardware token, in addition
|
|
|
|
to learning your `Primary Passphrase`.
|
|
|
|
|
|
|
|
### Entry Keys
|
|
|
|
|
|
|
|
Every entry in your database is encrypted to a specific `Entry Key`. These entry
|
|
|
|
keys are stored next to the `database` directory in the `keys` directory. Every
|
|
|
|
entry gets its own key so that access can be cryptographically restricted on an
|
|
|
|
entry-by-entry basis.
|
|
|
|
|
|
|
|
The keys stored on the filesystem are encrypted to every `Device Key` that
|
|
|
|
you've given access to the entry.
|
|
|
|
|
|
|
|
### Disaster Recovery
|
|
|
|
|
|
|
|
When you set up your `ciphey` database for the first time, you'll be prompted to
|
|
|
|
create a `Recovery Key`, which is an `age` key encrypted with your `Recovery
|
|
|
|
Passphrase` (By default, your `Primary Passphrase`, but this can optionally be
|
|
|
|
changed). This key should be written down and stored in a safe place, such as in
|
|
|
|
a safe. This way, if you lose all of your devices, you can still regain access
|
|
|
|
to your passwords.
|
|
|
|
|
|
|
|
You can also give a copy of this key and your `Recovery Passphrase` to anybody
|
|
|
|
else who should have access to your accounts in case of an emergency. This way,
|
|
|
|
you can be sure that you're unlikely to ever lose access to your `ciphey` keys.
|
|
|
|
|
|
|
|
### Summary
|
|
|
|
|
|
|
|
Every entry is encrypted with its own unique `Entry Key`.
|
|
|
|
|
|
|
|
`Entry Key`s are encrypted to each `Device Key` that is granted access to the
|
|
|
|
entry. They can be encrypted to other people's `Device Key`s to share an entry
|
|
|
|
with them.
|
|
|
|
|
|
|
|
`Device Key`s are encrypted with your `Primary Passphrase`. They can either live
|
|
|
|
on your filesystem or on a hardware token, like a Yubikey.
|
|
|
|
|
|
|
|
When you first set up `ciphey`, you also create a `Recovery Key`, which every
|
|
|
|
`Entry Key` is encrypted to by default. This `Recovery Key` is encrypted with
|
|
|
|
your `Recovery Passphrase`, which are to be stored offline in a safe place
|
|
|
|
and/or given to trusted individuals so they can be used in case of an emergency.
|
|
|
|
|
|
|
|
### Usage
|
|
|
|
|
|
|
|
## Implementation
|
|
|
|
|
|
|
|
### Entry Parsing
|
|
|
|
|
|
|
|
The entry format was designed to be easy to parse for both humans and programs.
|
|
|
|
The following Rust snippet is a (simplified) example of parsing an Entry from a
|
|
|
|
String `s`:
|
|
|
|
|
|
|
|
```rust
|
|
|
|
// The entry's secret
|
|
|
|
let mut secret: String;
|
|
|
|
// A vector of key/value pairs
|
|
|
|
let mut fields: (String, String) = Vec::new();
|
|
|
|
// The entry's notes
|
|
|
|
let mut notes: Option<String> = None;
|
|
|
|
|
|
|
|
// An iterator over the decrypted lines of the entry file
|
|
|
|
let mut lines = s.lines();
|
|
|
|
|
|
|
|
// The first line contains the secret
|
|
|
|
secret = lines.next();
|
|
|
|
|
|
|
|
while let Some(line) = lines.by_ref().next() {
|
|
|
|
if let Some((key, value)) = line.split_once(": ") {
|
|
|
|
// Add the key and value to fields
|
|
|
|
fields.push((key, value));
|
|
|
|
} else {
|
|
|
|
// Take the rest of the lines and put them into notes
|
|
|
|
notes = Some(
|
|
|
|
std::iter::once(line)
|
|
|
|
.chain(lines.by_ref())
|
|
|
|
.collect::<Vec<String>>()
|
|
|
|
.join("\n"),
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
This particular implementation has a lot of room for improvement. The biggest
|
|
|
|
issue adding complexity is that Rust's `take_while` iterator method is
|
|
|
|
consuming, not peekable, meaning that ownership of the lines it checks is passed
|
|
|
|
to its closure. Thus, the following snippet, which is much easier to
|
|
|
|
read, would not work:
|
|
|
|
|
|
|
|
```rust
|
|
|
|
// An iterator over the decrypted lines of the entry file
|
|
|
|
let mut lines = s.lines();
|
|
|
|
|
|
|
|
// The first line contains the secret
|
|
|
|
secret = lines.next();
|
|
|
|
|
|
|
|
// Take lines while they can be parsed as key/value pairs split by ": "
|
|
|
|
fields = lines.take_while(line.split_once(": ")).map(...);
|
|
|
|
// first line failing take_while is incorrectly dropped here
|
|
|
|
|
|
|
|
// Join the remaining lines as notes
|
|
|
|
notes = lines.collect::<Vec<String>>().join("\n");
|
|
|
|
```
|
|
|
|
|
|
|
|
This is because even though the first line that fails the conditional is
|
|
|
|
consumed by `take_while`, it would neither be added to the fields (as it cannot
|
|
|
|
be parsed as one) nor collected into the vector over the lines of notes, instead
|
|
|
|
being dropped, causing data loss.
|
|
|
|
|
|
|
|
There are a few Rust crates that provide a peekable `take_while`, but they're
|
|
|
|
too big to justify as adding as dependencies for just this feature. It's
|
|
|
|
possible that a simpler approach is possible using an iterative method, but I
|
|
|
|
have not been able to come up with one yet.
|
|
|
|
|
|
|
|
## Remaining Work
|
|
|
|
|
|
|
|
### Password History
|
|
|
|
|
|
|
|
At the moment, there is no built-in support for keeping track of entry changes
|
|
|
|
over time. `pass` uses git to keep track of changes at the filesystem level,
|
|
|
|
while password managers like Bitwarden have built-in support for storing the
|
|
|
|
history of passwords over time.
|
|
|
|
|
|
|
|
Currently, there is nothing stopping someone from manually checking entries into
|
|
|
|
git or another backup solution. However, one way to provide better integration
|
|
|
|
into `ciphey` would be to allow for `pre-hooks` and `post-hooks`. These hooks
|
|
|
|
are scripts that are run before or after specific actions are taken by `ciphey`.
|
|
|
|
This would allow, for example, automatically committing the changes to a git
|
|
|
|
repository and pushing those changes to a remote server after every change made
|
|
|
|
by `ciphey`.
|
|
|
|
|
|
|
|
### File storage
|
|
|
|
|
|
|
|
For the moment, entries must be plaintext files. If you want to encrypt an
|
|
|
|
arbitrary file with `ciphey`, you have to manually create an encryption key,
|
|
|
|
store that key as an entry in `ciphey`, and then manually encrypt said file with
|
|
|
|
the newly-created key.
|
|
|
|
|
|
|
|
It would be beneficial to devise a way to treat encrypted files just like any
|
|
|
|
entry so that the key material for other files can be automatically managed in
|
|
|
|
the same way.
|
|
|
|
|
|
|
|
### Backup
|
|
|
|
|
|
|
|
While `ciphey` makes sure that you don't lose your secret key material through
|
|
|
|
the use of `Recovery Key`s, `ciphey` does not have any built-in backup system
|
|
|
|
for the encrypted `ciphey` database. Of course, you can still back up `ciphey`
|
|
|
|
like any other directory (which is a benefit of it living as just a plain
|
|
|
|
directory), but it may be useful to consider ways that `ciphey` can better
|
|
|
|
integrate or accomodate backups.
|